On Wed, Mar 23, 2011 at 10:17 AM, Michal Zalewski <[email protected]> wrote:
> The real tragedy of infosec is that we simply don't have the tools to
> secure large and complex organizations particularly well - not against
> governments, but against bored kids with an agenda. Security vendors
> are partly to blame for perpetuating a myth that a secure organization
> can be built on top of the commercial AV or IDS tools that said
> vendors happen to offer. It does not come as a surprise that this model
> does not work well, and "the world of cyber" has very little to do
> with it.

<tangent>
+1 to that. Let's see, commercial security products are largely
parsers of untrusted data. In fact they often know how to parse many
things the targets behind them, or that they run on, don't. They also
tend to run with privilege or at critical points in the
infrastructure. What does that spell? ATTACK SURFACE. Yah!

How come only 1% of security people get that?
</tangent>
_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave
