Bob Pratt: Between attendees, vendors, speakers, and other hangers-on, there were more than 30,000 people at the Moscone Center in San Francisco this week. To put that number in perspective, that's roughly 30% of the worldwide membership of (ISC)², the umbrella organization for CISSPs and related certifications. If I were a hacker, this would have been the week to strike.
David Sanger: While Mr. Carter got a respectful hearing, Jeh Johnson, the secretary of Homeland Security, and a group of other government officials ran into a buzz saw of skepticism ... cryptographers say the need for encryption is greater than ever.
DoD: State and non-state actors also pay experts to search for vulnerabilities and develop exploits. This practice has created a dangerous and uncontrolled market that serves multiple actors within the international system, often for competing purposes.
Phyllis Schneck: We want you to make money.
Jeff Atwood: A ransomware culture of "pay me or I won't tell you about your terrible security bug" does not feel very far off ... These researchers need to be working together in public, not in secret against each other. I am concerned that we may be slowly moving toward a world where given enough money, all bugs are shallow. Money does introduce some perverse incentives for software security, and those incentives should be watched closely.
Andrew Tilghman: Well-designed tests also can help with specific job assignments, for example by suggesting some cyber warriors are better suited for offensive, rather than defensive, operations. "The way the brain works for people who can find things works a little different than for the guys who build things," said Alan Paller, the SANS research director.