On Wed, Jan 18, 2017 at 2:12 PM, Taylor Hornby <tay...@defuse.ca> wrote:
> Less ambitiously, we can ask if complexity theory has anything to say > about simpler aspects of life. One of them is the attacker-defender arms > race in computer security. [...] Most of us are optimistic for > "silver bullet" discoveries that make doing computer security a LOT > easier [...] I'm curious if part (1) of my thesis really is accurate. I doubt it, and I say this as a more-than-decade-long fan of "perfect defense". I don't think perfect defense is possible. I think the reality is there's a lot of low-hanging fruit that can be addressed by better methods, but to put it in Ghost in the Shell terms attack surface is "vast and infinite", and attacks only get better. I don't see the cat and mouse game going away any time soon, but perhaps we'll get better at achieving "punctuated equilibrium" where defenders are able to reach some sort of brief reprieve in certain classes of attacks and provide extremely strong defenses as a sort of local maximum. That is, until some paradigm-changing attack comes crashing down, and forces everyone to rethink their entire approach to security. -- Tony Arcieri
_______________________________________________ langsec-discuss mailing list langsec-discuss@mail.langsec.org https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
