Dailydave mailing list archives

Re: Recent vuln disclosure papers/presentations


From: dan () geer org
Date: Tue, 07 Jun 2005 21:05:57 -0400


I attended, and not for the first time, the Workshop
on the Economics of Information Security this past
week.  This meeting keeps getting better.  I can 
answer questions, give synopsis, or whatever, but
whether you are Adam Smith, Karl Marx, or anything
in between excepting the Taliban, you must agree
that in the end it is economics that rules including
in the information security sphere.

Wearing every hat I own, though, I have to mention three
papers in particular.  In one, the authors show that the
risk due to platform monoculture is mitigated by introduction
of a second platform even if that second platform is itself
less secure than the first, i.e., diversity alone results in
reduced firm-wide risk.  In the second paper, it is
argued on social capital grounds that the public policy
consequence of a monoculture must be mandatory sharing
of vulnerability and incident data.  In the third paper, a
full-tilt, academic-grade mathematical economics argument
is made for differential insurance premiums for diversity
as a counter to risk-correlation (monoculture being the
global maximum for correlated risk).

I told you so.

--dan, giggling

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

