Dailydave mailing list archives
Re: FireEye is sad.
From: Moses Hernandez <moses () moses io>
Date: Sun, 13 Sep 2015 20:07:27 -0400
Being in Vendor land right now, I'll keep my comments brief, because they are just that: my comments, from just me. On the subject of regulation, however, I just want to be clear. I was, and to an extent still am, in the camp of 'regulation'. I know that the Wassenaar arrangement was far from what I had in mind. The proposed legislation was rather sickening.
When I think of maturity in our field, or even just playing in the big leagues, I try and think of what other professions look like. Just for a moment, suspend belief and think about the basic mechanism of getting food onto our tables. For us Americans on the list, let's just consider the FDA. Consumers want to have confidence in the product that they are buying. They want to know that the Blue Bell Ice Cream they are consuming is going to be maybe not as good as Cherry Garcia (http://www.benjerry.com/flavors/cherry-garcia-ice-cream), but still edible, one would hope: http://www.fda.gov/Food/RecallsOutbreaksEmergencies/Outbreaks/ucm438104.htm
Interesting story found here (http://www.marketplace.org/topics/health-care/who-pays-new-fda-food-safety-rules), which claims: "Federal officials put the cost of compliance at about $380 million for an industry that generates about $1.1 trillion in retail food sales."
Confidence breeds markets to grow in a sustainable way, or at a minimum just grow. But of course, Wassenaar-like regulatory changes could always happen in the Food industry, even if all we want is to be not poisoned, and for things like this you have associations. This is where our industry probably lacks a bit of guidance, but stroll through any state capital and you will see these types of association buildings: (http://www.ffva.com/). Even though we can understand why this would be important in the age of, say, Wassenaar, what does this have to do with vendors and their attempts to shut down research?
I think what we need to understand as an industry is that, just like the car manufacturers from time to time will take an actuarial approach to safety and try and avoid correcting issues, we may find the same in our lines of work. Safety, maybe even regulatory-style safety, will eventually happen. It's just the way we have to mature. We probably will not see it for some time, until there is a sudden event that forces it, because our trajectory of growing the software segments and our industry will really slow. But then again, confidence breeds growth in markets, so who is going to buy the car with the lowest safety rating? And who will buy the food that will poison them the most?[1]
[1] we do. (http://www.nbcnews.com/id/11992264/ns/health-fitness/t/should-you-defrost-your-diet/)
On Fri, Sep 11, 2015 at 9:27 AM, Dave Aitel <dave () immunityinc com> wrote:
The real question in security is always how to play Poker against an opponent who can see all your cards.
http://www.forbes.com/sites/thomasbrewster/2015/09/10/fireeye-slammed-over-injunction/
https://lists.immunityinc.com/pipermail/dailydave/2013-March/000353.html
In a way our "IP" laws have confused a lot of us about security. What if NOBODY TALKED ABOUT OUR WEAKNESSES BECAUSE IT WAS ILLEGAL, the management teams say. This, of course, directly relates to the "regulation is GOING to happen" Wassenaar crowd because it's the exact same fundamental psychology at work. "We're going to regulate away the threat" is as useless as saying "hackers won't buy our boxes to find out how to bypass our defenses".
-dave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave