[nycbug-talk] some comments on Shmoo. . .

[George R.]

Once again, ShmooCon in DC was an excellent conference.

I didn't attend enough meetings, but the quality of people you meet 
there is remarkable.

Richard Beijtlich's Tao of Security blog at 
http://taosecurity.blogspot.com/ provides some comments about the 
conference, but there were also a significant bunch of NYCBUG people there.

Dan Geer provided the opening, and Richard's brief comments on it are 
insightful.  Dan is a USENIX heavy-hitter who is also a biologist.  He 
had the recent USENIX article in login about Monoculture, and debated 
someone from Microsoft a few years back at ATC about monoculture.

It seems dangerous to work out parallels between the natural science and 
technical world, since few people are authorities in both areas.  Dan, 
however, is a strong exception, IMHO.

He spent a lot of time explaining the problems with determining the 
quantity of security vulnerabilities reported, but once that was 
established, he used the general trends of vulnerabilities to illustrate 
various points.

Richard provides more comments on Dan's talk, particularly in the 
context of pandemics.

Once the Shmoo videos are online, I'd highly recommend people viewing 
his keynote.  It's way too easy for technical people to have 
tunnel-vision when making generalizations about technology, but I think 
Dan does a huge service to everyone by opening up the mountain.

g