So another AusCert comes to a close with what I will say was a most beneficial conference. Of course there are ups and downs to any conference which I won’t note here, but overall some real gains were taken away after listening to what the security community had to say. Apart from this, I also started to feel a little pessimistic about the whole situation….

After listening to a number of vendors, independent researchers, the secret service, etc I began to wonder why and where things went so wrong. Actually, as a security professional, things couldn’t look any better as it appears there are going to be a whole new wave of threats and exploits with the release of Web 2.0 at an application layer and IPv6 at a network layer. Not to mention the global expansion of bot-nets and fraud being driven by underworld gangs.

Now don’t get me wrong, a number of great things have come out of the security community to tighten down technology as we see it today. The problem I am talking about is that I see the security community being like the wild west when it comes to computer science. That is, I don’t see much science going on and all I hear are vendors selling products that will never solve the core problems we face. Take note, if I have a virus should I fear the virus as I have anti-virus? What about malware when I have anti-malware? How about addware when I have anti-addware? You see, all I really have here are black list solutions that mathematically will never win against these overwhelming threats that are dominating the Internet. The real problem is what happens when I have a virus, malware, addware that I nor anyone in the community knows about except the attacker? Using a black list solution, how do I protect myself against something I don’t know exists? The answer is simple: I can’t.

So then, if we all accept and know this is the case, then we have to ask ourselves “Is the Security Community Keeping Itself Employed” through means of fear and solutions that will inevitably never solve the problem?