Thursday, July 20, 2006

On "Is Security Boring?"

I've been meaning to blog about it for quite some time. So, "Is Security Boring?"

So this guy from nCircle says: "Sometimes I think it's like being a cop... at first you're all excited to be making a difference. You're going to save lives, make the world a safer place. Fast forward 10 years later, and you're probably well jaded after busting the same junkies 1000 times, the same person that beats his family and never learns, the same thieves that keep getting in trouble. In short, people rarely learn and they keep making the same mistakes." Etc, Etc

Overall, I thought about it and the final conclusion is: it depends on the mindset. In NLP parlance, if your metaprogram is "sort for difference" you will find different things out there, and if you "sort for similarity" you will find things to be the same. So, obviously:

* IPS is just a layer-7 firewall OR IPS does different things from the old Gauntlet
* XSS is just another validation error OR XSS is a new attack

I am too lazy (or too busy!?) to come up with more examples, but if you seek boredom - "security is boring." If you seek excitement - it is truly exciting! And why somebody would seek boredom is beyond me...

Dr Anton Chuvakin