Diversity as defense

[sgorman1 () gmu edu]

We've been seeing a bit of media attention of late to diversity as a technique to make networks more secure:

http://news.com.com/2009-7349_3-5140971.html?tag=nefd_lede

The usual suspect is Microsoft with 97% of OS's, but Cisco's 86% of the router market has been cited as well as SNMP 
vulnerabilities of two years ago.  The diversity, monoculture and agricutlure analogy makes nice press, but how 
realistic is diversity as a defense.  Is cost the biggest hurdle or limited avaiability of competitive products, or 
simply no bang for the buck by diversifying.  We've run some simulations testing the effects of different levels of 
diversity, but wanted some feedback on feasibility.  

http://arxiv.org/abs/cond-mat/0401017

Any comments, feedback or discussion would be greatly appreciated.

best,

sean