Who is Dan Geer (just in case you live in a cave and don't
Dan's definition of security - "The absence of unmitigatable
What exactly is the pinnacle goal of security engineering?
Responsibility, liability and when software fails as a result of security issues
In a liability lawsuit - "What did you know, when did you know
The fraction of the population who could sign an "informed consent" is falling - so now what?
Why ICANN is actually making all of this so much worse
What do we do about "abandoned software"?
Fixing security bugs in software is a tricky business...good,
Are things getting better [in security]?
Dan talks about a "diversity re-compiler" and how we can make the exploit writer's job harder
(from Jason White) What "low hanging fruit" issues are we simply not addressing properly right now?
(from Jason White) If the Internet were being built from scratch today, what would you keep and throw away?
Dan Geer - Dan Geer is a computer security analyst and risk management specialist. He is recognized for raising awareness of critical computer and network security issues before the risks were widely understood, and for ground-breaking work on the economics of security.

Geer is currently the chief information security officer for In-Q-Tel, a not-for-profit venture capital firm that invests in technology to support the Central Intelligence Agency.

In 2003, Geer's 24-page report entitled "CyberInsecurity: The Cost of Monopoly" was released by the Computer and Communications Industry Association (CCIA). The paper argued that Microsoft's dominance of desktop computer operating systems is a threat to national security. Geer was fired (from consultancy @Stake) the day the report was made public. Geer has cited subsequent changes in the Vista operating system (notably a location-randomization feature) as evidence that Microsoft "accepted the paper."
Take a step outside the echo chamber - gain some perspective and context.
Welcome to Cybersecurity: an immature industry where we mandate impossible-to-remember complex passwords that change every 30 days - and call that security. It's an industry where everyone is an expert, but no one's actually solved anything... weird, right?
This show is focused on the many aspects of cybersecurity - from professional to leadership, technical to abstract. We look to entertain you while filling your brain with expertise and knowledge from all corners of our industry and beyond. You can expect security experts, policy professionals, and people from outside our own "security bubble" because frankly, our echo chamber needs some perspective.
Join us, subscribe, and share in the conversation.
Follow us on Twitter: @DtSR_Podcast
Check out Rafal's @Medium blog at https://medium.com/@BlogWh1t3Rabbit