Dave’s not wrong about this. Cyber policy suffers horribly from the fact that it is disproportionately informed by popular press (i.e. clickbait).
The American Academy of Arts and Sciences recently published a collection titled ‘Governance of Dual-Use Technologies : Theory and Practice’.[1] This collection covers nuclear technologies, biological technologies, and IT / ‘cyber weapons'. If you read all three sections, it becomes very clear that one of these things is not like the other. *Number of citations from popular press in each section* Nuclear : 2/143 Bio : 3/125 Cyber : 27/110 You are not imagining things; we really are getting top-tier policy analysis of the cyber domain in which a plurality of sources are clickbait. N.B. I did not count blogs (researcher, vendor, or other) as ‘popular press’; doing so would have pushed the proportion from 25% closer to 40%. There is a further quality distinction among nuclear and bio vs cyber. You will not find the Daily Mail cited in a policy paper about dual-use biological or nuclear technologies, but cyber? Absolutely. That happens. This is why we can’t have good policies, or often even good policy discussions. Popular press – including tech press – reporting on the cyber domain is frequently riddled with errors and rife with speculation. This is equally true of nuclear and biological technologies, but we’re not crafting civil nuclear agreements based on information from that Wired article you read last year. We don’t do this elsewhere, and should not tolerate it in cyber. -Mara __________ [1] The Academy has been around since 1780, and is generally considered to be pretty legit. https://www.amacad.org/multimedia/pdfs/publications/researchpapersmonographs/GNF_Dual-Use-Technology.pdf <https://www.amacad.org/multimedia/pdfs/publications/researchpapersmonographs/GNF_Dual-Use-Technology.pdf> > On 28 Jul 2016, at 16:01, dave aitel <[email protected]> wrote: > > https://na-production.s3.amazonaws.com/documents/Bugs-in-the-System-Final.pdf > <https://na-production.s3.amazonaws.com/documents/Bugs-in-the-System-Final.pdf> > Look, I'm sure these (Andi Wilson, Ross Schulman, Kevin Bankston, Trey Herr) > are all good people:<authors.PNG> > > But I want to point out that you cannot make good policy recommendations > based on clickbait news articles you've happened to have read over the years > on a subject that is under a ton of covert protection, especially when none > of you have any personal experience in the field (and even if you DID!). If > you want to, even a little bit, claim that the vulnerability market poses the > kind of danger this paper claims, then you have to say exactly what > percentage of this so called "stockpile" gets used in the wild by our > adversaries. And you have to say why you think that percentage is too high. > Without that data, you have "unsupported opinions", or as Joe Biden would > say, "malarkey". I'm not even going to go into how "theoretical" their > musings on market behavior in this space are, because this whole policy paper > is trash without any data to back it up. > -dave > > > <notdata.PNG> > > > > > _______________________________________________ > Dailydave mailing list > [email protected] > https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
