A positive side effect of many vendors being US-based is that the US market takes most of the buzzword marketing hit. :)
On a more serious note, I think there really are APTs out there, state-driven and all. The problem is when organizations use the term to get away with sub-standard security or to motivate why they can't tell you any details of a recent hack. We need to define what is required for a threat/an attack to be APT. State-driven and funded? 0-day(s) used? Tailor-made exploit for the target? That way we can at least interpret what RSA and others are saying. Right now I can only interpret their statements as "We got owned but we'll loose too much business if we tell you what happened. Just trust us instead." And I really hope that's not the truth. Continued Business by Obscurity Regards, John Sent from my iPad On 26 mar 2011, at 18:12, Gunnar Peterson <gun...@arctecgroup.net> wrote: > Advanced = goes through firewall > Persistent = tried more than once > Threat = people trying to get into valuable stuff > > Nothing new to sc-l readers, but a Reasonably good marketing term esp by > infosec standards (yay we get to scare business people with something other > than an auditor's clipboard!); really its all just the collective sound of > infrastructure security people coming to grips with the fact that their > firewall isn't a wall at all, but rather a series of holes. > > -gunnar > > > > _______________________________________________ > Secure Coding mailing list (SC-L) SC-L@securecoding.org > List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l > List charter available at - http://www.securecoding.org/list/charter.php > SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) > as a free, non-commercial service to the software security community. > Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates > _______________________________________________ _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
