Dirty Secrets of the Security Industry

Presented at DEF CON 15 (2007), Aug. 3, 2007, 2 p.m. (50 minutes).

The fox is guarding the hen house, and both the fox and the hens are making a lot of money in the process. Such is the state of the security industry in 2007. For the last 15 years, we have been building security into our networks and applications using concepts like "defense in depth" and "layered security." It turns out that the attackers are now leveraging our security systems against us. Worse, we have made the security industry a self-feeding, self-fulfilling prophecy that may actually be causing harm to those we are trying to protect. Yeah, FUD! So while this may sound fatalistic and like I'm trying to stir up a flame war, I think there are real issues that we need to face when it comes to the next steps in computer security. This talk will uncover 8 dirty secrets of the security industry. Some you will believe, some you will be skeptical of, and some may strike a little too close to home.

Presenters:

  • Bruce Potter / @gdead - The Shmoo Group
    Bruce Potter is the founder of the Shmoo Group of security professionals, a group dedicated to working with the community on security, privacy, and crypto issues. His areas of expertise include wireless security, software assurance, pirate songs, and restoring hopeless vehicles. Mr. Potter has co-authored several books including "802.11 Security" and "Mastering FreeBSD and OpenBSD Security" published by O'Reilly and "Mac OS X Security" by New Riders. Mr. Potter was trained in computer science at the University of Alaska, Fairbanks. Bruce Potter is a Senior Associate with Booz Allen Hamilton.
