By David Mortman
I always find RSA interesting because in addition to the official theme of the conference (what was this year’s anyways?) there is the unofficial theme, that usually comes from either the show floor (Everyone remember how every year from 1999 through 2003 was “The Year of the PKI”?) or from the talks themselves.
By David Mortman
I spent some time earlier this week at mini-metricon, a workshop that was inspired by the success of Andrew Jaquith’s security metrics mailing list and the larger Metricon which is held each year in conjunction with the USENIX Security Conference. In essence, members of the mailing list gather each year on the Monday before RSA and share what they are doing with regard to security metrics within their organizations.
If there’s one key message coming through all of the noise at the RSA Conference this week it’s the fact that there’s a pressing need for more data. Data on attacks, data on vulnerabilities, data on data breaches, data on software security, data on everything having to do with security. The mini-movement that has sprung up around metrics and measurement in security has taken over a lot of the conversation at the conference, with some interesting results.
By George V. Hulme
Last year, Craig Mundie issued a call to arms for a more “trustworthy Internet” — not that Microsoft has been entirely successful at implementing its arguably more humble Trustworthy Computing initiative. But let’s not let the computing industry’s failure to bring forward operating systems, web servers, or even Web browsers that don’t get gummed with malware, or pwned by exploits, stop us from shooting for the Holy Grail of computing: a complete chain-of-trust throughout the Internet, from the bottom to the top, called End to End trust.
From ComputerWorld (Gregg Keizer)
Criminal cybergangs must be harried, hounded and hunted [computerworld.com] until they’re driven out of business, a noted botnet researcher said today as he prepared to pitch a new anti-malware strategy later this week at the RSA Conference in San Francisco.
“We need a new approach to fighting cybercrime,” said Joe Stewart, director of SecureWorks Inc.’s counterthreat unit. “What we’re doing now is not making a significant dent.” Read the full story [computerworld.com]
From GCN (William Jackson)
The rapidly evolving collaborative information infrastructure offers developers an opportunity to create true security by building it into information technology systems, said Arthur Coviello, president of RSA, EMC’s security division. “We are at a critical inflexion point” created by the rapid adoption of new technologies such as virtualization, cloud computing, and collaborative Web 2.0 tools and applications, Coviello said today during his keynote address at the RSA Conference.
He also called on the security community to create an ecosystem in which a common set of design standards governs the development of security tools. Read the full story [gcn.com]
As a security show, the RSA Conference leaves a lot to be desired. Its technical sessions carry an uncomfortable load of marketing baggage and don’t have either the cachet or entertaining edge of those at Black Hat or CanSecWest.
Anyone will tell you that the real business of RSA is happening off the show floor – in conference rooms and hotel suites and restaurants, where companies are doing business: technology partnerships and strategic alliances, mergers and acquisitions. Speaking personally, I’ve always found it ironic that the show, which started as a retreat for monkish cryptographers, has morphed into the back-slapping, business development Lollapalooza that it is today, but so it is.
Dennis Fisher talks with Mike Mimoso, editor of Information Security magazine, about the story lines we’re likely to see at the RSA Conference, including virtualization and cloud security, as well as the effect of the economy on security budgets.
From CNet (Jon Oltsik)
It’s nearly time for that annual spring ritual: the RSA Conference at the Moscone Center in San Francisco. ESG data tells me that, despite the recession, global organizations continue to spend on security products. So I expect another good show, though I do anticipate that the $500 kegs of Heineken at vendor booths will be omitted or replaced with Bud Light.
With the show less than a week away, here is the buzz I am anticipating. For this year, I’m including my hyperbole-to-reality ratio in my assessment. Read the full story [cnet.com]
The Internet as we know it today was designed to be a place where people could go about their business, whatever it happened to be, anonymously and without interference from other users. This model worked reasonably well for a long time, but it’s become painfully clear in recent months that some fundamental changes are needed in the way people use the network and, more importantly, how their PCs are allowed to behave.