Firewall Wizards mailing list archives

Re: Intrusion Detection


From: Adam Shostack <adam () homeport org>
Date: Wed, 18 Feb 1998 14:34:07 -0500 (EST)

        I'd like to add to Tom's points by pointing out that computer
security is not like printing; it's hard to see that things are broken.
If we fail to point out flaws in (attack) each other's work, we don't
know if things are being well built.  If we were building suspension
bridges, storms would bring down a lot of bridges.  As engineers, we
would then study the failures of those bridges, and do a better job
next time.  Think of the SNI paper and Vern's paper as small storms.

        Papers like 'Goto Considered Harmful' and 'No Silver Bullet'
are large storms, in case you were wondering what qualifies. :)

Adam

tqbf () secnet com wrote:
| 
| Gary Crumrine Tue Feb 17 98
| 
| > I think we are becoming too closed-minded these days. We need to root out
| > solutions, not attack each other's ideas
| 
| I don't know that I agree with this. I think that computer security
| technology improves largely because people attack it, find the flaws in
| other ideas, and in doing so provide the motivation and basis for design
| and implementation changes. 
| 
| If we were cryptographers (some of us may be), we'd be calling this "peer
| review", and there'd be little question of the validity of "attacking"
| other people's work. From what little I understand of crypto, we have
| things like IDEA and Blowfish because of Biham and Shamir's Differential
| Cryptanalysis work (for example) --- new attacks against crypto algorithms
| inform us of important vulnerabilities, which allows us to design new
| algorithms to address those problems.

-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume



