Are The Feds Going New School?

Dec 1, 2011
Ed Bellis
Chief Technology Officer, Co-founder


As much as the headlines of a new bill in Washington grabbed my interest with a twinkle of hope, it turns out in some ways this may be a step away from a new wave of information sharing. It appears to promote information sharing regarding security breaches between the private sector and the government by blanketing companies with protections such as not publicly disclosing the information. While I’m all for information sharing, this seems to be more back-room sharing to the benefit of some but to the detriment of most.

One of the primary ways we can learn about information security breaches and their causes is through publicly available resources like DataLossDB. If the majority of us within the security community cannot access that information and learn from it, in the end this will only cause more breaches, not fewer. We as a community are starting to see the very early benefits of a New School way of thinking through reports like the Verizon DBIR and many others like it. By understanding what is causing real-world security incidents, we can prioritize our work and put the right controls in place to protect against them. We need to get away from what has traditionally been a practice of alchemy and black art and realize we can all learn from each other. The bad guys seem to be better at this than we are.

Here at HoneyApps we drink the New School of Information Security Kool-Aid on a daily basis. By taking a quantitative approach to our security and operations we have not only been able to prioritize our work more effectively, but have learned where our product needs to evolve to support and enable these methods. With our upcoming open vulnerability explorer, we hope to combine many of the public vulnerability data sources into a single searchable, filterable view where we can also facilitate open discussions on the remediation and controls that matter in protecting against them. We’ll continue to evolve our metrics and benchmarking to provide a view into how you, as well as your peers, are doing in very quantifiable terms. In the near future we will begin to combine this with the threat and breach activity that is available, whether it’s public or via subscriptions we obtain.

There are a lot of very skilled people in functions outside of information security that continue to learn from each other and the data that is out there. Here’s to hoping the security community moves in that direction.
