Can Contests End the OS Security Debate?
It looks like CanSecWest is starting a trend. After last year's "PWN to Own" contest netted an "owned" MacBook, the 2008 conference is now pitting Windows Vista, Mac Leopard OS X and Linux against each other. Next thing you know, we'll be having a winner-take-all cage match for the championship.
First, let me say that I love the idea of this contest. It's the security equivalent of watching those side-impact car crash videos we see on the NBC news magazine shows. This OS hack-a-thon contest is sure to draw a crowd, and to spark debate once the results are in. I like the idea of contests like this, where devices and software are tested out in the open by real people. I think we'll learn a lot and possibly debunk some of the OS security myths and claims along the way.
Speaking of contests, my friend Ross Carlson is cooking up a contest idea that would pit similarly configured Mac, Windows and Linux systems, along with power users of the respective operating systems, against each other in a series of common and not-so-common tasks. I don't know if Ross will end up pulling it together or not, but if he does, I'd go to watch. More than the results, I'd like to see the reactions of the participants and audience when the results are tallied.






Only if there is some proper way to handicap the participants. Each specific "threat" has some level of force that they are capable of applying to an asset (skills, resources). This is a variable that must be accounted for in a consistent manner if this exercise is to have any semblance of worth.
Posted by: Alex | February 08, 2008 at 09:11 AM