[Dailydave] The monetization of information insecurity
dave aitel
dave at immunityinc.com
Mon Sep 8 10:07:02 EDT 2014
So I'm heading to a conference shortly and I was going to promote them
in this email but they're apparently not a public conference. I'm on a
panel called "Identification of Emerging and Evolving Threats" with some
non-US Government people who seem pretty nice.

Anyways, now that I've guaranteed myself an exciting visit from security
services, I wanted to point out the one question everyone should be
asking when they go to any conference and a new technology of any kind
is proposed as any kind of forward movement for defense. And that is
this: "How can we avoid making the mistake of Anti-Virus" ever again?

Because much like the Internet has been hamstrung at birth by the
parasitic growth of the advertising industry, the information security
community has been devastated for almost its entire existence by the
dominance of anti-virus companies and products which demonstrably
haven't worked for almost their entire reign, and in theory never could
have scaled. They are broken by design. And because they sucked all the
money and research and people from the defensive community, no actual
defenses were ever created for IT that had a hope of working.

So the only question any team of government executives working on
defense needs to be thinking about is "How is this different from
Anti-Virus in the long term? How can we avoid making that mistake ever
again?" Because until you know how that mistake was made, and can avoid
it for the next generation, "Emerging and Evolving" threats will always
be beyond your power to stop.

-dave