Bruce Schneier
Schneier on Security
A blog covering security and security technology.
« Friday Squid Blogging: Firefly Squid Lighting Up a Japanese Beach | Main | Sponsor-Only Security at the 2012 London Olympics »
April 28, 2007
Schneier Talk at the British Computer Society
The MP3 of my March 21 talk at the British Computer Society -- on information security trends and economic considerations -- is on the Internet.
EDITED TO ADD (4/30): Ogg file here.
Posted on April 28, 2007 at 02:05 PM • 12 Comments • View Blog Reactions
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
You must think my Saturdays are really shit. I'll listen anyways. Thanks.
Posted by: DingDong at April 28, 2007 04:23 PM
Thanks a lot.
I am truly happy that the mp3 is published in the internet.
Posted by: InforSec at April 28, 2007 05:28 PM
Bruce Schneier:
look at this: http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/054041.html
Posted by: The Anonymous Pilot at April 28, 2007 11:08 PM
"look at this: http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/054041.html"
Does anyone actually believe this information is secret in any way? Does this surprise anyone?
Posted by: Bruce Schneier at April 29, 2007 10:11 AM
A pity that an organization like the BCS would publish a talk in the (proprietary, patent-encumbered) mp3 format, rather than in ogg format, which is technically slightly better, not encumbered by patents, and for which free (as in freedom) player software is available for all platforms.
Posted by: nostromo at April 30, 2007 03:58 AM
I tried to record an mp3, speaking only Bruce Schneier's Social Security number, and my computer self destructed.
Posted by: Jim Phelps at April 30, 2007 08:46 AM
Is patch Tuesday the first or the second Tuesday?
http://en.wikipedia.org/wiki/Patch_Tuesday
http://www.networkworld.com/news/2005/011005widernetpatchtuesday.html
Posted by: Super Tuesday at April 30, 2007 10:17 AM
What you describe (about 33 minutes in) as "annualized loss expectancy" seems to me to be a bad way of determining how much to spend on security. The goal should be spending on security to maximize expected benefit minus cost, not spending to make the total cost equal the total expected benefit (which makes the net benefit zero). Benefit minus cost (which I also called net benefit) is maximized when marginal expected benefit equals marginal cost. (Perhaps "expected benefit" is an odd way to describe "expected loss prevented", it makes the description apply to more than just security.)
Posted by: David Baron at April 30, 2007 11:36 PM
@The Anonymous Pilot
Memphis Two seems to be making a habit of it.
Posted by: Noddy at May 2, 2007 08:38 PM
There were some people at the end of this during the questions who were talking about some sort of opensource E-cash thing. Did anyone happen to catch the URL for their effort?
Posted by: Ed Yates at May 14, 2007 05:32 AM
Post a comment
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT Counterpane.
|
| Syndication |
|
RSS 1.0 (full text)
RSS 2.0 (excerpts) |
| Crypto-Gram Newsletter |
|
If you prefer to receive Bruce Schneier's comments on security as a monthly e-mail digest, subscribe to Schneier on Security's sister publication, Crypto-Gram.
read more |
Comments