Threat reports threats to credibility

What do you think the outcome would be if you put security experts from Symantec, McAfee, ISS, Secure Computing, and SPI Dynamics into the same room and asked them each what they’d like to see written into a report telling the world what the latest Cyber Security Threats are? The result is the GTISC Cyber Threats Report, a report with about as much credibility as if they’d held a seance or read palms in order to decide what to write.

Oh look, just by coincidence between them all the experts present sell solutions for most of the problems being described. Now there’s a thing!

The report has also been picked up by the BBC who see fit to publish this piece of FUD for consumption by the general public.

The industry is full of threat reports, statistics, white papers and experts galore employed by vendors to tell us what the threats are and what we need to be doing about them. “Buy more stuff – preferably our stuff. If you don’t buy our stuff then don’t be surprised to find you’re stuffed!” The difficulty is not in deciphering what all this information is telling us but what it is not telling us. A salesman is hardly going to be telling you what his product doesn’t do.

Expert opinion such as that presented by the GTISC Cyber Threats Report is a waste of ink and paper. Want a decent opinion on what’s important in security? Here’s a few links for you

IT Security: The view from here

Mike Rothman’s Security Incite:

Jeremiah Grossman:

Info Security Advisor:

David Lacey:

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

The links for this year's Georgia Tech report is actually, and the panel this year was larger and slightly more diverse, including PayPal's CISO and Equifax's VP of Security Investigations
I could not have said it better myself. There appears to be a glut of security resellers out there prepared to make quite outragious claims against their products. Technology must start being seen as an enabler and not a solution!