On Truth in Security Packaging

Wednesday, October 13, 2010

Danny Lieberman


We have come here this evening to fulfill two obligations that we have to the American family. We are here to defend truth and we are here to avoid tragedy.

I asked a colleague recently about the hype so prevalent in the information security industry and he answered that, by now – most of his IT manager clients either don’t pay attention or discount the press releases and white papers.

Man – that’s good news – because I find the entire FUD+PR person+Security Vendor triangle to be very problematic.

I personally would like to see truth in packaging applied to security technology in particular and ICT in general.

Almost 42 years ago, the Fair Packaging and Labeling Act (Truth in Packaging) was signed by Lyndon Johnson. Quoting LBJ:

“This is a strong but simple law. It requires the manufacturer to tell the shopper clearly and understandably exactly what is in the package, who made it, how much it contains, how much it costs.

The housewife should not need a scale or a yardstick or a slide rule or computer when she shops. This law will eliminate that need.

The housewife should not have to worry which is bigger–the full jumbo quart or the giant economy quart. This law will free her from that uncertainty and that problem.

It will protect her from being shortchanged by slack filling where a box is made bigger than its contents.

This law is one weapon against high prices. It will mean that the American family will get full and fair value for every penny, dime, and dollar that that family spends.”

Replace housewife with CEO and American family with business and you get my drift.

Cross-posted from Israeli Software

Anthony M. Freed: It has long been my opinion that FUD is underutilized as an awareness tool, and over-utilized as a sales device!

Robb Reck: Great post. Goes to show that longer posts aren't always better!

Danny Lieberman: Yeah - truth in security. The last time there was real FUD on the street was in 2003 with Blaster. But here is what Symantec was saying:
Risk Level 2: Low

August 11, 2003
December 9, 2003 11:50:19 PM

Systems Affected:
Windows 2000, Windows XP
W32.Blaster.Worm is a worm that propagates by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (BID 8205). It has a date-triggered payload that launches a denial of service attack against windowsupdate.com.

Multiple vendors have reported that W32.Blaster.Worm will cause a denial of service on DCE daemons. This issue is described in BID 8371.

Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy
Pascal Longpre: Couldn't agree more. It is almost impossible for a customer today to distinguish between good and average products. Marketing people do everything they can to stand out from the crowd and we end up with things like "blocks 100% of 0-days" and other insanity making customers simply disregard the information.

Danny Lieberman: Anthony -

You hit the nail on the head.
When I was site telecom manager at Intel Israel - Andy Grove was quoted as saying:

"A little fear in the workplace is not a bad thing"

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
