I have a nice, lengthy post coming up, courtesy of a review we just got from a journal (a good one too, which makes it even more sad). The single review was in response to our paper examining public versus private firewall rules, which asked the simple question: do you really gain that much by keeping your firewall rules private? Hint: the answer is way less than one would think.
Anyway, on to the money quote from the reviewer:
Firewalls are generally considered a hack, not any real guarantee of security. A backstop. Do we need to analyze this hack with such loving care?
Wow, just wow. One would be hard-pressed to come up with a better example of why industry ignores the security community.