Why won’t anyone define what “failure” and “hopeless” mean?

It is easy for security folks to get into a funk. We exhibit huge levels of confirmation bias, driven by the publicity around "how bad things are", and ignore the often boring yet far more common case of things [on the Internet] being "good". So folks end up saying the Internet is failing, all is hopeless, and so on.

But try asking how security professionals define failure and you can't get a straight answer. That is primarily because they haven't thought about it, so the notion of failure reverts to some anecdote about the latest compromise or vulnerability.

This topic comes up pretty frequently (it came up today on a mailing list I'm on). It sure would help frame the discussion to define things a bit better.