cyber security in 2013 - an analysis
Here's a long cyber security article (text file) by Dan Geer.
I don't agree with each and every point, but the overall picture he paints is in my opinion well worth the read. Pay particular attention to this interesting observation:

:: Quote ::
I work the cyber security trade, that is to say that my occupation is cyber security. Note that I said "occupation" rather than "profession." On 18 September, the U.S. National Academy of Sciences, on behalf of the Department of Homeland Security, concluded that cyber security should be seen as an occupation and not a profession because the rate of change is too great to consider professionalization.

The annoying Libertarian stuff I really wish he'd left out because it's just pure and simple dogma, and adds nothing to the actual content/concepts of the article, but Libertarians in general are unable to grasp that they are espousing a non-fact-based dogma, so it's too much to expect them to actually see when they do it. The following is just one of many observations in the article, but one I found interesting.

:: Quote ::
There was a time when flaws were predominantly found by adventurers and braggarts. Ten plus years of good work by the operating system vendors elbowed the flaw finders out of the operating system and, as a result, our principal opponents changed over from adventurers and braggarts to being professionals. Finding vulnerabilities and exploiting them is now hard enough that it has moved out of the realm of being a hobby and into the realm of being a job. This changed several things, notably that braggarts share their findings because they are paid in bragging rights. By contrast, professionals do not share and are paid in something more substantial than fame. The side effect has been a continued rise in the percentage of all vulnerabilities that are previously unknown. The trend, in other words, is that by crushing hobbyists we've raised the market price of working exploits to where now our opponents pay for research and development out of revenue. Simulating what the opponent can do thus remains the central task of defensive research. Much of that research is in crafting proofs of concept that such and such a flaw can be taken advantage of. Corman's neologism of "HD Moore's Law" says that the trend in the power of the casual attacker grows as does the trend of the power in Metasploit.[9] It is hard to think of a better description of dual use.