[Dailydave] The monetization of information insecurity

[dave aitel]

So I'm heading to a conference shortly and I was going to promote them 
in this email but they're apparently not a public conference. I'm on a 
panel called "Identification of Emerging and Evolving Threats" with some 
non-US Government people who seem pretty nice.

Anyways, now that I've guaranteed myself an exciting visit from security 
services, I wanted to point out the one question everyone should be 
asking when they go to any conference and a new technology of any kind 
is proposed as any kind of forward movement for defense. And that is 
this: "How can we avoid making the mistake of Anti-Virus" ever again?

Because much like the Internet has been hamstrung at birth by the 
parasitic growth of the advertising industry, the information security 
community has been devastated for almost its entire existence by the 
dominance of anti-virus companies and products which demonstrably 
haven't worked for almost their entire reign, and in theory never could 
have scaled. They are broken by design. And because they sucked all the 
money and research and people from the defensive community, no actual 
defenses were ever created for IT that had a hope of working.

So the only question any team of government executives working on 
defense needs to be thinking about is "How is this different from 
Anti-Virus in the long term? How can we avoid making that mistake ever 
again?" Because until you know how that mistake was made, and can avoid 
it for the next generation, "Emerging and Evolving" threats will always 
be beyond your power to stop.

-dave