A cybersecurity lobbying boom in DC, as Congress considers new laws


3 Responses to “A cybersecurity lobbying boom in DC, as Congress considers new laws”

  1. Mike Warot says:

    I think it’s important for people to realize that computer security can be properly fixed. 

    Fixed as in no more computer viruses, etc.

    The Genode project is going in the direction required for this to happen, towards a system based on capabilities.

    In such a system, you always tell the computer what to use when running a program, and thus always know the exact extent of change that can happen BEFORE you run a program. No more corrupted systems, no more virus scanners, none of that.

    It will happen eventually… 10 years from now… as people figure out that they’ve all been making bad assumptions, and realize that a better reality is possible.

    • While that approach is a huge step up, it is not a silver bullet. Systems like this have been in practice for years (Java, for instance) and have been studied for decades. Like I said, huge improvement, but hardly an end to security woes. Most bugs that lead to security vulnerabilities would not be thwarted by such a system. Not SQL injection, not ROP-based memory corruption vulnerabilities.

      NaCl, the Java sandbox and permissioning model, proof-carrying code, etc. enable the building of more secure applications, but there will always be bugs, and when there are bugs, there will be vulns.

  2. That_Anonymous_Coward says:

    You can tell how small an actual problem is by the number of lobbyists it spawns.
