talkinsecurity writes "Peter Tippett, chief scientist at the ICSA and the inventor of the progam that became Norton Antivirus, had some interesting things to say Monday about the state of the security industry. In a nutshell, Tippett warned that about a third of the work that security departments do today is a waste of time. Tippett goes on to systematically blow holes in a lot of security's current best practices, including vulnerability research/patching, strong passwords, and the product evaluation process. Some of his arguments are definitely debatable, but there is a lot of truth to what he's saying as well. It definitely makes you think.
http://www.darkreading.com/document.asp?doc_id=145224&WT.svl=news1_1" Link to Original Source
This discussion was created for logged-in users only, but now has been archived.
No new comments can be posted.
Probably the way that effort is spent could be improved but comparing vulnerabilities to the possibility of someone shooting an arrow through a sunroof is a gross exaggeration. There is a black market for finding and attacking vulnerabilities and last I heard there is no black market for finding new ways to kill car drivers. Regarding effectiveness, the biggest bang for the buck is user education for preventing social engineering, but you can also waste insane amounts of effort trying to eradicate human stup
Effective use of time vs waste of time (Score:2)
Regarding effectiveness, the biggest bang for the buck is user education for preventing social engineering, but you can also waste insane amounts of effort trying to eradicate human stup