Who is Dan Geer (just in case you live in a cave and don't
Dan's definition of security - "The absence of unmitigatable
What exactly is the pinnacle goal of security engineering?
Responsibility, liability and when software fails as a result of security issues
In a liability lawsuit - "What did you know, when did you know
The fraction of the population who could sign an "informed consent" is falling - so now what?
Why ICANN is actually making all of this so much worse
What do we do about "abandoned software"?
Fixing security bugs in software is a tricky business...good,
Are things getting better [in security]?
Dan talks about a "diversity re-compiler" and how we can make the exploit writer's job harder
(from Jason White) - What "low hanging fruit" issues are we simply not addressing properly right now?
(from Jason White) - If the Internet were being built from scratch today, what would you keep and throw away?
Dan Geer - Dan Geer is a computer
security analyst and risk management specialist. He is recognized
for raising awareness of critical computer and network security
issues before the risks were widely understood, and for
ground-breaking work on the economics of security.
Geer is currently the chief information security officer for
In-Q-Tel, a not-for-profit venture capital firm that invests in
technology to support the Central Intelligence Agency.
In 2003, Geer's 24-page report entitled "CyberInsecurity: The Cost
of Monopoly" was released by the Computer and Communications
Industry Association (CCIA). The paper argued that Microsoft's
dominance of desktop computer operating systems is a threat to
national security. Geer was fired (from consultancy @Stake) the day
the report was made public. Geer has cited subsequent changes in
the Vista operating system (notably a location-randomization
feature) as evidence that Microsoft "accepted the paper."
Security. Some assembly required.
Security is HARD, and 'real security' is a compromise between usability and security while knowing you're still accepting risk.
This podcast alternates between interesting interviews and news analysis every other week - tune in, subscribe and join the conversation on REAL security issues relevant to your enterprise.