Preview Mode Links will not work in preview mode

Jul 7, 2014

In this episode

  • Who is Dan Geer (just in case you live in a cave and don't know)
  • Dan's definition of security - "The absence of unmitigatable surprise"
  • What exactly is the pinnacle goal of security engineering?
  • Responsibility, liability and when software fails as a result of security issues
  • In a liability lawsuit - "What did you know, when did you know it?"
  • The fraction of the population who could sign an "informed consent" is falling - so now what?
  • Why ICANN is actually making all of this so much worse
  • What do we do about "abandoned software"?
  • Fixing security bugs in software is a tricky business...good, bad, worse
  • Are things getting better [in security]?
  • Dan talks about a "diversity re-compiler" and how we can make the exploit writer's job harder
  • (from Jason White) -What "low hanging fruit" issues are we simply not addressing properly right now?
  • (from Jason White) If the Internet were being built from scratch today, what would you keep and throw away?

Guest

  • Dan Geer - Dan Geer is a computer security analyst and risk management specialist. He is recognized for raising awareness of critical computer and network security issues before the risks were widely understood, and for ground-breaking work on the economics of security.

    Geer is currently the chief information security officer for In-Q-Tel, a not-for-profit venture capital firm that invests in technology to support the Central Intelligence Agency.

    In 2003, Geer's 24-page report entitled "CyberInsecurity: The Cost of Monopoly" was released by the Computer and Communications Industry Association (CCIA). The paper argued that Microsoft's dominance of desktop computer operating systems is a threat to national security. Geer was fired (from consultancy @Stake) the day the report was made public. Geer has cited subsequent changes in the Vista operating system (notably a location-randomization feature) as evidence that Microsoft "accepted the paper." --http://en.wikipedia.org/wiki/Dan_Geer