Friday, July 22, 2005

$3 Billion of Snake Oil

I will be presenting a talk at DEFCON next week, and I would appreciate any assistance I can get in the way of examples of wasted security dollars.

The title and abstract of the talk are:

The Information Security Industry: $3 Billion of Snake Oil
A raging fear of The Computer Evildoers has driven enterprises to the safety of the herd, buying whatever elixirs the big vendors peddle. Security consumers waste bilions of dollars on ineffective (but well integrated!) solutions. However, as technology users grow more sophisticated about security threats (often learning the hard way), opportunities will surface for innovative startups to deliver effective IT survival mechanisms. This talk will review the industry's blunders, and sources of opportunity.

So, please post or email examples of wasted security dollars, or opportunities you see for startups in data security today.

Thank you!

4 comments:

  1. Not an example but supporting arguments on why there will never be such thing as a perfectly secure system.

    Andrew Odlyzko on Economics, psychology, and sociology of security

    ReplyDelete
  2. Anonymous8:21 AM

    There are some good classical examples in "The Cuckoo's Egg" by Clifford Stoll. I don't remember the names of the companies but a security companies computers were used by Russian Spies to break into milnet. Its a great true story. Its also a reason to never use emacs and stick to vi.

    ReplyDelete
  3. Anonymous1:21 AM

    Would VeriSign's purchase of Thawte (for a reputed $575 million ) qualify?

    ReplyDelete
  4. Anonymous7:50 AM

    Bruce Shneier of Counterpane has a newletter called "cryptogram". Go thru early issues, you will find a gazillion examples of badly implemented (and therefore wasted) security.

    ReplyDelete