Jared Pfost wrote up a blog post about the ITSEF conference we were both at last week, and he commented on the panel I was on. I agree with his analysis, there is a lot more to security than just code, especially when you start dealing with global issues.

From http://envisionsec.wordpress.com/201...d-attribution/:

"ITSEF: a day with the Feds and… Attribution
March 19, 2010

Jim Maloney and I just returned from the IT Security Entrepreneur’s Forum. A one day conference to increase collaboration between the Feds and emerging security companies, “bridging the gap between Silicon Valley and the Beltway.” What a wonderful, wonderful day. The 70 degree sun and beautiful stanford campus might have had something to do with it too. If you’re interested in learning how to interact and do business with federal agencies (or vice versa), this is the place. Robert Rodriguez, ITSEF founder, sets the perfect stage for open networking among all attendees. Maybe I’m just settling into my role as a vendor but I’ve never felt so comfortable approaching folks at a conference before.

Aside from the promo, I do want to highlight one of the sessions. One of the themes of this ITSEF was Attribution i.e. how can we positively identify criminals. The panel consisted of Jeff Moss and two old school security folks. I believe one was a UK fed, the other from General Dynamics (pretty much a fed). So how do we solve attribution? Obviously there’s no easy answer and the takeaway was we’ll have to innovate and things will have to change. The difference that inspired this post is at what cost? ... "