« What does scob mean? | Main | Americans for a Secure Internet »

August 09, 2004



On first blush it _looks_ like similar thinking to what was behind 'Strategy of Technology', by Possony, Pournelle and Kane. Available on the web at http://www.jerrypournelle.com/slowchange/Strat.html

Meng Weng Wong

More information on the concepts behind reputation systems can be found at

The Accountable Net http://www.aspeninstitute.org/Programt3.asp?bid=13218

The Aspen Framework (authentication, reputation, accreditation) http://spf.pobox.com/aspen.html

Whufies http://en.wikipedia.org/wiki/Whuffie

Axel Eble

I've gradually come to the conclusion that the security industry is a big part of the problem. They keep promising the Holy Grail and instead deliver a disfigured leaden cup that makes drinking from it dangerous. Yes, Intrusion Detection is a nice idea. Yes, automatic reaction to that may seem like a nice idea, too - so let's call it Intrusion Prevention. And so it goes on.

However, doing something that really works (like segmenting networks) is regarded as boring and tedious work. As long as we don't let ourselves be blinded by the false gold promises and concentrate on the really effective and efficient solutions to our problems, we'll just buy the latest and hippest stuff from vendor XYZ.

If said vendors were really interested in making the world more secure (instead of putting more currency units into their pockets or having a nice accounting sheet at the end of the quarter), things would have changed. And we are the ones to blame - because we believe them and buy their stuff.

The comments to this entry are closed.

My Photo

Risk Reading

Blog powered by Typepad