It’s hard to change a market


This is quite possibly the DEA’s greatest success in disrupting the supply of a major illicit substance. The focus on disrupting the supply of inputs rather than of the drug itself proved extremely successful. This success was the result of a highly concentrated input supply market and consequently may be difficult to replicate for drugs with less centralized sources of supply, such as cocaine and heroin. That this massive market disruption resulted in only a temporary reduction in adverse health events and drug arrests and did not reduce property and violent crimes, is disappointing. (italics added)

So reads the conclusion to “Methamphetamine, Public Health and Crime.”

Anyone watching our 40 year futile war on drugs has to see this. But we’re locked into it for all sorts of reasons. What security measure is the best analog for this? Expensive, intrusive, and ultimately futile?

Via Marginal Revolution.

Research Revealed Track at RSA

For the past few months, I’ve been working with the folks at the RSA Conference to put together a track entitled “Research Revealed.” Our idea is that security needs to advance by getting empirical, and bringing in a wide variety of analytic techniques. (Regular readers understand that Andrew Stewart and I brought these ideas together in a book, “The New School of Information Security.)”

The content is really exciting. From the opening with a top rated speaker, Betsy Nichols, who’ll be talking about “Crunching Metrics from Public Security Data” continuing to Gene Kim’s talk about applying real analysis of practice to virtualization and a great panel talking about lessons learned from Election 2008, this track is just packed with hard facts and practical analysis.

Because I’m so excited by this, I’ve put the data into a Research Revealed .ics file you can use to bring these into your calendar.

I also extracted this table from the RSA website (it was hard to link), so you can easily see the track:

Session ID Title Classification Session Type Scheduled
RR-105 Crunching Metrics from Public Security Data Advanced Track Session Tuesday, April 21 01:30 PM
RR-106 Controlling Virtualization Security Risks: Tips from the Experts Intermediate Track Session Tuesday, April 21 03:00 PM
RR-107 Technology Lessons Learned from Election 2008 Advanced Track Session Tuesday, April 21 04:10 PM
Senior Computer Scientist,
SRI International
Chief Technology Officer,
Open Source Digital Voting Foundation
Associate Professor,
Rice University
Associate Professor,
University of California, Berkeley
Associate Professor,
University of Iowa
RR-108 Security Risk Metrics: The View from the Trenches Intermediate Track Session Tuesday, April 21 05:40 PM
RedSeal Systems
RR-201 Fraud Management Strategies of North American Financial Institutions Intermediate Track Session Wednesday, April 22 08:00 AM
Senior Analyst,
Aite Group
RR-202 Data Sources, Methods, and Challenges Not Rated Track Session Wednesday, April 22 09:10 AM
The Security Consortium, Inc.
Program Manager,
Microsoft Corporation
Professor of Computer Science,
University of Pennsylvania
RR-203 Why Software is Still Insecure: Conclusions from a Ten-Year Study Advanced Track Session Wednesday, April 22 10:40 AM
Research Director, Secure Content and Threat Management Products,
Security Innovation
RR-301 Into the Breach: An Analysis of Attack Data Trends Intermediate Track Session Thursday, April 23 08:00 AM
Software Engineer,
Information Security Manager,
RR-302 Best Practices for Mitigating Insider Threat: Lessons Learned from 250 Cases Advanced Track Session Thursday, April 23 09:10 AM
Senior Member of the Technical Staff,
Carnegie Mellon Software Engineering Institute
Technical Manager,
Carnegie Mellon Software Engineering Institute
RR-303 Using Science to Battle Data Loss: Analyzing Breaches by Type and Industry Intermediate Track Session Thursday, April 23 10:40 AM
Interhack Corporation
RR-304 Cyber Warfare: Technology, Law and Ethics Advanced Track Session Thursday, April 23 02:10 PM
Professor and Program Coordinator,
Sheridan Institute of Technology and Advanced Learning
RR-401 The Data-Driven CSO: Steering Clear of Security Breaches Intermediate Track Session Friday, April 24 09:00 AM
Vice President of Technology & Innovation,
Verizon Business
RR-402 Closed-Loop Information Assurance Advanced Track Session Friday, April 24 10:10 AM
Treadstone 71
RR-403 Applying Pattern Recognition in SOD, Fraud or GRC-Related Violations Advanced Track Session Friday, April 24 11:20 AM
Software Development Director,