More defense, and real meat
A few months ago Rich Mogull wrote an interesting blog post about the security community not putting as much effort into defense-related research as it normally puts into offense. As he quite rightly points out, "breaking things is, in many ways, far less challenging than protecting them. I am sick and tired of seeing researchers and pen testers on various mailing lists brag about how easy it is to get into their clients’ systems. I suspect the ones who understand the complexity of defending complex environments with limited resources keep their mouths shut".