This talk is focused on some of the biggest problems associated with computer security defenses. Main topics include:
- Misaligned defenses
- Lack of focus on root-causes
- Lack of focus on local current and historical exploits
- Lack of data in driving computer security defense decisions
Roger will discuss how things got this way and how to fix them. Prior to this session, the material in this talk has been presented to a limited audience (internally at Microsoft and to select Fortune 500 companies). It has been reviewed and blogged about by industry luminaries, such as Bruce Schneier, and industry groups such as SANS. Roger considers this topic to be one of the most important he has come across in his career.