In this segment, we use a pretty broad stroke to cover:
- Nawaf Bitar’s outrage during RSA keynote
- EFF selling stickers to make your webcam “private”
- The Rugged Manifesto
- Concern over the NSA
With RSA Conference 2014 come and gone, Michael Coates and I sat down to discuss what we saw, what was new, what was borrowed, what was blue. Along the way, Michael brings up funding for Wickr. Have a listen….
Resource mentioned in this segment
The SandBox area at RSA Conference 2014 has a huge board set up and a couple of computer terminals where you can input data, create a future vision statement and then have it put on the board. I like this a lot. Here’s an image from the first day. I’ll take another one at the end of the conference to see how dense the visions are around 2030.
I am at the RSA Conference in San Francisco this week, searching for new ideas and companies that might change the way we think about application security. I was given access to the expo floor yesterday as the event was getting set up and came away with some observations.
As in most conferences, the big companies are in the middle of the floor, while the smaller ones are relegated to the edges of the main conference hall. The edge cases are where I’m going to spend most of my time over the next three days. An interesting observation is that the larger the booths, the more money spent, the more obtuse the message. This isn’t just a problem in the security conference industry, but all industries.
As a company grows and changes, the legacy messaging gets morphed into the larger picture where all angles are trying to be covered in one message. It’s a systemic problem. In 90% of the booths, I could not tell what they were doing, what their product actually did or who their market was.
That leads me to my main point as I start to filter content coming from the conference. I want to do 15 or 20 interviews and reviews of sessions, keynotes and companies that I find interesting. I’ll be looking along the edge cases for those with simple messages and clear vision. Let’s see what I can come up with.
Earlier this week, OWASP released a statement after an internal debate regarding recent allegations that RSA had weakened its encryption while receiving $10 million from the NSA. There was heated discussion about whether or not to publish a statement. Would it be perceived as political? What is OWASP’s responsibility when it comes to defending the trustworthiness of software?