[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Security as an Enabler - Virtual Trust: An Open Challenge to All InfoSec Professionals

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Security as an Enabler - Virtual Trust: An Open Challenge to All InfoSec Professionals
From: "Kenneth F. Belva" <ken@xxxxxxxxxxxxxxx>
Date: Wed, 27 Sep 2006 19:08:02 -0400

I've been defending Virtual Trust as an enabler for the past three days 
on the full-disclosure list. So far, fairly successfully.

Here's the challenge: How creative are you *for* VT, *against* VT and 
determining the *impact* of VT?

Here's your chance to figure out what works and what doesn't with the 
theory I've proposed.

Naturally, the results may (or may not!) significantly impact our field.

I have set up three pages on my blog for comments. All I ask is the 
following:

1. Keep an open mind
2. Read the main source material before posting
3. Provide a thoughtful reply

I look forward to the ultimate peer review.

Bring it on!

Ken

========================================================
Main Source Material
========================================================

Here is the main paper:
http://www.ftusecurity.com/pub/VT-belva-dekay-final.pdf

Here is a post regarding the distinction between Virtual Trust and the 
current model of information security, the Insurance Model:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049698.html

Information Security is a necessary but not a sufficient condition for 
the creation of electronic assets and electronic business relationships:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049683.html

A independent VT example thought of by Brian Eaton not found in our main 
paper or subsequent posts (pay-per-click advertising):
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049658.html

========================================================
Website Pages
========================================================

Main Page:
http://www.bloginfosec.com

Virtual Trust: Support (FOR)
http://www.bloginfosec.com/?page_id=72

Virtual Trust: Objections (AGAINST)
http://www.bloginfosec.com/?page_id=73

Virtual Trust: Impact (NEW POSSIBILITIES)
http://www.bloginfosec.com/?page_id=74

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Security as an Enabler - Virtual Trust: An Open Challenge to All InfoSec Professionals
  - From: Dave \"No, not that one\" Korn

Prev by Date: Re: [Full-disclosure] Windows VML security update MS06-055 released
Next by Date: Re: [Full-disclosure] VML Exploit vs. AV/IPS/IDS signatures
Previous by thread: [Full-disclosure] [ MDKSA-2006:170-1 ] - Updated webmin packages fix XSS vulnerability
Next by thread: Re: [Full-disclosure] Security as an Enabler - Virtual Trust: An Open Challenge to All InfoSec Professionals
Index(es):
- Date
- Thread