I’ve been defending Virtual Trust as an enabler for the past three days on the full-disclosure list. So far, fairly successfully.
Here’s the challenge: How creative are you in arguing *for* VT, *against* VT and determining the *impact* of VT?
Here’s your chance to figure out what works and what doesn’t with the theory I’ve proposed.
Naturally, the results may (or may not!) significantly impact our field.
I have set up three pages on my blog for comments. All I ask is the following:
1. Keep an open mind
2. Read the main source material before posting
3. Provide a thoughtful reply
I look forward to the ultimate peer review.
Bring it on!
Ken
========================================================
Main Source Material
========================================================
Here is the main paper:
http://www.ftusecurity.com/pub/VT-belva-dekay-final.pdf
Here is a post regarding the distinction between Virtual Trust and the current model of information security, the Insurance Model:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049698.html
Information Security is a necessary but not a sufficient condition for the creation of electronic assets and electronic business relationships:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049683.html
A independent VT example thought of by Brian Eaton not found in our main paper or subsequent posts (pay-per-click advertising):
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049658.html
========================================================
Website Pages
========================================================
Main Page:
http://www.bloginfosec.com
Virtual Trust: Support (FOR)
http://www.bloginfosec.com/?page_id=72
Virtual Trust: Objections (AGAINST)
http://www.bloginfosec.com/?page_id=73
Virtual Trust: Impact (NEW POSSIBILITIES)
http://www.bloginfosec.com/?page_id=74
Popularity: 3%
