Keynoting at ISSA tomorrow
I’ll be delivering the keynote at “ The Fourth Annual ISSA Northwest Regional Security Conference” tomorrow in Olympia, Washington. I’m honored to have been selected, and really excited to be talking about “the crisis in information security.”
The topics will be somewhat familiar to readers of this blog, but in a longer, more coherent format than the emergent chaos which makes it here.
I should mention, I’m doing this wearing my own hat, not a Microsoft one, and will avoid most any mention of threat modeling or SDL.
Excellent, any slides or transcript? It is encouraging to see more and more thinkers start to express this, as nothing much happens until there is industry consensus on this point.
Having agreed on that, what next? Curiously, my ‘silver bullets’ model suggests that the preferred stability is one of permanent incapacity, in the presence of a real attacker. This could be likened to an OODA loop where the attacker survives permanently turning within the industry loop. This was somewhat of a surprise to me, and it’s a bit of a concern if true. What next?
I’ll give you a dollar if you say that public vuln counts prove that SDL works! 😉
Pete
Ian, I’m not sharing the slides. They’re not useful without me talking.
Pete, I don’t think that evidence offers proof, I think it allows us to disprove things.