[langsec-discuss] Tainting input for better security

dan at geer.org dan at geer.org
Fri Jun 15 11:56:44 UTC 2012


As a mostly side comment, I work for In-Q-Tel which might be
described simply (though quite imperfectly) as a venture capital
firm working in support of the US "intelligence community."
That is irrelevant except for one thing: the demand for data
analysis systems that will handle ever-dirtier, ever-more-volumnious
inputs is a rather strong driver these days.  No doubt this is also
true at Google, Bing, FaceBook, etc. -- large systems with large
enough footprints that they might be called critical infrastructures
for lumpen proletariat.  It seems all I hear from the "big data"
sector of our investment portfolio (and would-be additions) is how
this or that system is better than all the others at accepting
unstructured this and noisy that.  Similarly with many intrusion
related systems.  Besides asking whether we have become a nation
of anomaly detectors(*), one wonders what can be said about the
many systems that have a "Fuzz Me" sign taped to their backsides.

--dan


(*) L'Angleterre est une nation de boutiquiers. --  Napoleon




More information about the langsec-discuss mailing list