Dailydave mailing list archives
Re: Commission on Cybersecurity for the 44th Presidency and your right to cyber (security)
From: Fyodor <fygrave () gmail com>
Date: Wed, 1 Sep 2010 04:06:56 -0400
In China they've been pushing the Multi-Level Protection Scheme (MLPS), which somewhat makes sense when it is not at the personal but at the enterprise level (i.e. you don't want your enemy country's enterprises to come and secure your critical infrastructure and plant backdoors as they go :))

The comparison with the medical industry is ridiculous. Not only does the med. industry not serve its main purpose (healing), but there is also one key difference: the average human body doesn't mutate as fast, nor in such variety, as IT systems do, which gave the med. dudes enough time to standardize the knowledge, so they could start cashing in on it. It doesn't work this way in IT, even if you pretend to have enough time (if you ever glanced through a CISSP book, you probably know what I am talking about: most of the content is only good enough to collect dust in a historical museum archive, or even worse - not technically correct at all).

On Tue, Aug 31, 2010 at 6:36 PM, Michal Zalewski <lcamtuf () coredump cx> wrote:
This is probably somewhat interesting; a prominent quote from this paper, dissing security certifications, has been making the rounds for a while - but the rest of the paper is actually pretty scary:

http://csis.org/files/publication/100720_Lewis_HumanCapital_WEB_BlkWhteVersion.pdf

In essence, it looks like the commission is simultaneously trying to criticize the current regime of security certifications (probably rightly so), and - very bizarrely - use this as an argument for proposing a federally administered certification program (with aspirations to become a professional accreditation scheme). Lots of analogies to doctors and self-contradictory arguments are being made.

Some of the more interesting snippets and my snarky remarks are here:

http://lcamtuf.blogspot.com/2010/08/permission-to-cyber-sir.html

/mz
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
--
http://o0o.nu