Threat reports threats to credibility

What do you think the outcome would be if you put security experts from Symantec, McAfee, ISS, Secure Computing, and SPI Dynamics into the same room and asked them each what they’d like to see written into a report telling the world what the latest Cyber Security Threats are? The result is the GTISC Cyber Threats Report, a report with about as much credibility as if they’d held a seance or read palms in order to decide what to write.

Oh look, just by coincidence between them all the experts present sell solutions for most of the problems being described. Now there’s a thing!

The report has also been picked up by the BBC who see fit to publish this piece of FUD for consumption by the general public.

The industry is full of threat reports, statistics, white papers and experts galore employed by vendors to tell us what the threats are and what we need to be doing about them. “Buy more stuff – preferably our stuff. If you don’t buy our stuff then don’t be surprised to find you’re stuffed!” The difficulty is not in deciphering what all this information is telling us but what it is not telling us. A salesman is hardly going to be telling you what his product doesn’t do.

Expert opinion such as that presented by the GTISC Cyber Threats Report is a waste of ink and paper. Want a decent opinion on what’s important in security? Here’s a few links for you

IT Security: The view from here

Mike Rothman’s Security Incite:

Jeremiah Grossman:

Info Security Advisor:

David Lacey: