March 12, 2012
Measuring the OODA loop of security thinking -- Can you say - firewalls & SSL?
So, you want to know where the leading thinkers are in security today?
Coviello called for the industry to rally together to take the following actions:
-- Change how we think about security. The security industry must stop thinking linearly, "...blindly adding new controls on top of failed models. We need to recognize, once and for all, that perimeter-based defenses and signature-based technologies are past their freshness dates, and acknowledge that our networks will be penetrated. We should no longer be surprised by this," Coviello said.
Can you say, firewalls & SSL? It's so long ago that this metaphor was published by Gunnar that I can't even remember. But here's his firewalls & SSL infosec debt clock, starting 1995.
Posted by iang at March 12, 2012 09:17 PM
In what manner are you referencing Boyd's OODA loop? How are you suggesting the OODA concept be applied to security planning and/or security design and/or security operations?
Periodic reference is that attackers have a significantly better OODA-loop than those responsible for security.
Disclaimer #1: We were called in as consultants to a small client/server startup that wanted to do payment transactions on their server; they had also invented this technology called "SSL" they wanted to use. The result is now frequently called "electronic commerce". As part of "electronic commerce" there were various requirements as to the deployment and use of SSL ... which were almost immediately violated. Not long after, I coined the term "comfort certificates" (referring to the SSL domain name digital certificates) in an attempt to differentiate between providing the feeling of comfort and *REAL* security.
Disclaimer #2: I used to sponsor Boyd's briefings at IBM.