Comments: Measuring the OODA loop of security thinking -- Can you say - firewalls & SSL?

Hi:

In what manner are you referencing Boyd's OODA loop? How are you suggesting the OODA concept be applied to security planning and/or security design and/or security operations?

Posted by Purpleslog at March 12, 2012 10:31 PM

Periodic reference is that attackers have a significantly better OODA loop than those responsible for security.

Disclaimer #1: We were called in as consultants to a small client/server startup that wanted to do payment transactions on their server, they had also invented this technology called "SSL" they wanted to use, the result is now frequently called "electronic commerce". As part of "electronic commerce" there were various requirements as to the deployment and use of SSL ... which were almost immediately violated. Not long after, I coined the term "comfort certificates" (referring to the SSL domain name digital certificates) in an attempt to differentiate between providing the feeling of comfort and *REAL* security.

Disclaimer #2: I used to sponsor Boyd's briefings at IBM.

Posted by Lynn Wheeler at March 14, 2012 03:57 PM

one of the latest in series of articles ... i made some offhand comment about lots of this has been lurking since SSL was first deployed

What's Next For Certificate Technology? The recent rash of breaches among certificate authorities has left a bad taste in enterprises' mouths. What's wrong with the technology, and how is it changing?
http://www.darkreading.com/authentication/167901072/security/client-security/232602762/what-s-next-for-certificate-technology

Posted by Lynn Wheeler at March 16, 2012 09:04 PM