I disagree. I think this is one of the most important lenses to inspect the problem through, as the current set of articles and discussions about MCP security I saw here over the last weeks, seem mostly oblivious to the fact that the vulnerabilities they're complaining about are also MCP's main features.
> That a system is hard to secure doesn't negate the need for it to be secure.
Correct. However, security is a spectrum - there's such a thing that "secure enough", especially when making it more secure eliminates the very reason for system's existence. Additionally, we can and should secure different parts of a system to a different degree.
For an analogy, consider utensils and workshop tools. We secure them as much as we can against accidents, but not so much as to make the tool worse at its job. We add further security by means like access controls, or laws making people responsible for use and misuse, etc. - i.e. we're making the larger system secure, without burdening the inner core.
(For comparison, fully secure version of utensils and all kinds of tools are also available on the market - you'll find them in toy stores.)
> That a system is hard to secure doesn't negate the need for it to be secure.
Correct. However, security is a spectrum - there's such a thing that "secure enough", especially when making it more secure eliminates the very reason for system's existence. Additionally, we can and should secure different parts of a system to a different degree.
For an analogy, consider utensils and workshop tools. We secure them as much as we can against accidents, but not so much as to make the tool worse at its job. We add further security by means like access controls, or laws making people responsible for use and misuse, etc. - i.e. we're making the larger system secure, without burdening the inner core.
(For comparison, fully secure version of utensils and all kinds of tools are also available on the market - you'll find them in toy stores.)