QOTD - Spaf on InfoSec R&D Funding

Security is an ongoing effort against those who make continuing attacks against us, in a domain where innovation and change have been accelerating. We cannot hope to succeed if we take small steps, fail to provide continuous emphasis, and focus solely on finding cheap solutions to problems in 60-90 days; our adversaries are not acting this way, and we are already behind in several important areas.
[...]
It has been repeatedly noted in reports, testimony, and community gatherings that current cyber-security research is largely incremental. This evolutionary rather than revolutionary approach has prevented true leaps ahead in the technology. Thus, we continue to deal with legacy issues such as computer viruses and buffer overflows on a seemingly endless basis.
-- Dr. Eugene Spafford, Two Proposals on Cyber Security Research
Src: http://transfer.spaf.us/is-prop.pdf

No comments: