Dailydave mailing list archives
Re: Recent vuln disclosure papers/presentations
From: dan () geer org
Date: Tue, 07 Jun 2005 21:05:57 -0400
I attended, and not for the first time, the Workshop on the Economics of Information Security this past week. This meeting keeps getting better. I can answer questions, give synopsis, or whatever, but whether you are Adam Smith, Karl Marx, or anything in between excepting the Taliban, you must agree that in the end it is economics that rules including in the information security sphere. Wearing every hat I own, though, I have to mention three papers in particular. In one, the authors show that the risk due to platform monoculture is mitigated by introduction of a second platform even if that second platform is itself less secure than the first, i.e., diversity alone results in reduced firm-wide risk. In the the second paper, it is argued on social capital grounds that the public policy consequence of a monoculture must be mandatory sharing of vulnerability and incident data. In the third paper, a full-tilt, academic-grade mathematical economics argument is made for differential insurance premiums for diversity as a counter to risk-correlation (monoculture being the global maxima for correlated risk). I told you so. --dan, giggling _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Recent vuln disclosure papers/presentations jkwilliams (Jun 07)
- Re: Recent vuln disclosure papers/presentations dan (Jun 08)
- Re: Recent vuln disclosure papers/presentations halvar (Jun 08)
- Re: Recent vuln disclosure papers/presentations dan (Jun 08)
- Re: Recent vuln disclosure papers/presentations byte_jump (Jun 08)
- Re: Recent vuln disclosure papers/presentations halvar (Jun 08)
- Re: Recent vuln disclosure papers/presentations dan (Jun 08)