OWASP AppSec 2010 Keynote
On September 10th, I will be giving the morning keynote at the OWASP AppSec 2010 conference in Irvine, California.
The Abstract:
In the 1960s, pollution in the United States reached a breaking point. Large corporations, by and large, had been unresponsive to environmental issues, leaving the nation's skies filled with smog, rivers filled with sludge, forests defoliated by acid rain, and fresh water lakes declared "dead." The natural heritage of the nation was being destroyed by its industrial prosperity.
The U.S. response was a series of less-than-satisfactory regulatory attempts to correct for substantial environmental damage. Faced with serious and costly legacy issues of industrialism, however, many companies stonewalled and delayed for much of the 1980s and 1990s, emphasizing legal compliance and reactionary practices over real progress. The turn of the century ushered in a fresh perspective in corporate America, with companies like GE, DuPont, and Wal-Mart actively pursuing sustainability initiatives linked to corporate performance, transforming environmental crisis into financial opportunity. What happened?
Within the story of the U.S. battle against environmental pollution lie key lessons for confronting the equivalent of pollution in cyberspace: software vulnerabilities. The toxic effluence of software vulnerabilities leaves networks saturated with spam, computers clogged with malware, and servers defoliated of sensitive private data.
To date, a series of less-than-satisfactory regulatory attempts – such as PCI, SOX, and data breach laws – have been enacted to address what appears to be widespread unresponsiveness to the substantial harm to the global digital ecosystem caused by unrestricted vulnerability dumping. Faced with serious and costly legacy issues of poorly implemented software systems, however, many companies continue to stonewall or delay security programs, emphasizing legal compliance and reactionary practices while demonstrating no real improvement. What would it take to change this, to turn the crisis of “pollution” in cyberspace into an opportunity?
This keynote highlights a possible fresh perspective, putting software security into the context of social responsibility linked to corporate performance, illustrating how the software market - like corporate America - stands upon the threshold of its greatest opportunity.