{"id":1037,"date":"2017-09-15T07:50:41","date_gmt":"2017-09-15T07:50:41","guid":{"rendered":"http:\/\/www.dogoodsoft.com\/blog\/?p=1037"},"modified":"2024-12-23T07:45:07","modified_gmt":"2024-12-23T07:45:07","slug":"infosecurity","status":"publish","type":"post","link":"https:\/\/www.dogoodsoft.com\/blog\/infosecurity-1037\/","title":{"rendered":"Romanticizing Bugs Will Lead to Death of Information Security"},"content":{"rendered":"

Too much focus on vulnerabilities and their impact is leading information security into a slow death.<\/p>\n

\"Romanticizing<\/p>\n

Speaking in the keynote address at 44CON in London, security researcher Don A. Bailey said that while \u201cwe\u2019re getting good at reducing problems and addressing problems, information security is dying a death it has earned.\u201d<\/p>\n

Focusing on bugs and vulnerabilities, Bailey said that his initial perception of information security was about reducing risk for consumers, but that perception was \u201cso off base as all we do is talk about bugs but we are blind to what they mean and are composed of.<\/p>\n

\u201cWe see new technology coming out, the punditry reel starts spinning with a cool new ‘whatever’ and we ignore technology and where it comes from and how it is sold and what manufacturing looks like, and we ignore the engineers that put effort into building the technology.\u201d<\/p>\n

Calling the concept \u201cbug fetishizing\u2019, Bailey pointed at the Blueborne vulnerability, which has received fresh attention this week after Microsoft issued a patch for it. Bailey argued that while the bug is massive, it has been around for a while and it is super easy to remediate it.<\/p>\n

\u201cPeople use it to raise money and we see it in the community all the time and not only by start-ups, but to raise money creating an environment in how cool a vulnerability is,\u201d he said.<\/p>\n

\u201cI get a bit tired of hearing about these issues over and over as there is nothing new about Bluetooth vulnerabilities, it is the same old crap as we found a couple of years ago. This is nothing new and not pushing things forward.\u201d<\/p>\n

Bailey highlighted what he called the \u201cromantic nature of bugs\u201d and their \u201creproduction\u201d, saying that we \u201csee vulnerabilities in the wild and they are reproduced a million times\u201d which is not reducing vulnerabilities in any way.<\/p>\n

He also said that we are taking extremely small issues and blowing them up, and also focus more on intricate vulnerabilities than the defenses against them.<\/p>\n

\u201cFinding bugs that are useful is a great thing, but doing something with it is another thing; we want real models in information security and IoT that we can resolve.\u201d<\/p>\n

Bailey concluded by saying that information security is in a worse state than 10 years ago, and 10 years ago there were probably 10 consultancies and now, only a few organizations are doing groundbreaking research.<\/p>\n

\u201cCompanies say specialize in information security but outsource for skills and don\u2019t feel like paying someone for expertise when they can hire, with reputable universities pumping out graduates with information security degrees. It is true we need more people but who needs them: consultancies who break ground, or companies who need more people \u2013 a fraction of a % are doing groundbreaking research and that is why information security is dying.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"

Too much focus on vulnerabilities and their impact is leading information security into a slow death. Speaking in the keynote address at 44CON in London, security researcher Don A. Bailey said that while \u201cwe\u2019re getting good at reducing problems and addressing problems, information security is dying a death it has earned.\u201d Focusing on bugs and … Continue reading Romanticizing Bugs Will Lead to Death of Information Security<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[381],"class_list":["post-1037","post","type-post","status-publish","format-standard","hentry","category-news","tag-information-security"],"_links":{"self":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/1037","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/comments?post=1037"}],"version-history":[{"count":1,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/1037\/revisions"}],"predecessor-version":[{"id":1039,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/1037\/revisions\/1039"}],"wp:attachment":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/media?parent=1037"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/categories?post=1037"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/tags?post=1037"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}