Their Capers’ Success

Here’s a key point as to why crackers, miscreants, and criminals still seem to have the upper hand:
The digital underground is a meritocracy; hackers rate themselves on their technical prowess and their capers’ success. This means they must be open with information about their tools, targets and methodologies. In contrast, security professionals usually only share what most everyone already knows, not their actual experiences. But, keeping mum means missing out on useful intelligence and potential help.

Peer-to-Peer, by Erik Sherman, Information Security, Issue: Jan 2005. Two Seattle CISOs, Kirk Bailey and Ernie Hayden, are pioneering a new level of trust and cooperation to secure their enterprises.

The bad guys have to use an open source method to do what they do, while the white hats too often don’t cooperate enough to combat the black hats’ leverage. Black hats brag about their exploits while white hats often don’t reveal anything happened even when they’re successful at repelling an attack. While hiding inside a fortified perimeter may make some sense for problems that actually take effect inside the firewall, it makes no sense for perils outside the firewall, such as slowdowns, disconnects, congestion due to somebody else’s security failure, etc. For that, we need collective action.

-jsq

PS: The article could use some updating of its terminology. Real hackers wouldn’t be caught dead in the current criminal black hat culture.

2 thoughts on “Their Capers’ Success”

  1. Dunsany

    I think the good guys have made a lot of progress towards sharing in the past few years. Part of the biggest problem I’ve seen is separating the good guys with something useful to say and the sales guys trying to push some product. So many security conferences get choked full of vendors and their shills.
