I had a college professor who had been a manager of large software programs for DoD systems. When studying Testing, we used an example of code to test. It was quickly apparent that larger software programs cannot be completely tested or even fully understood. The combinations of tests are astronomical and mathematically impossible to perform. Because of the fact that systems cannot be completely tested, cybersecurity has to use a risk-based approach to manage vulnerabilities. You wait and see what vulnerabilities are found and exploited. No system is secure. To win this game, you need to have fewer vulnerabilities than others so they are more easily attacked, inviting the attacker to them. Cybersecurity products and services both left- and right-of-boom are ultimately risk-based.-I have not checked them all but I believe this is probably true. Early adopters of a new technology have an advantage, bad actors learn how to exploit driving further adoption until the new technology is no longer an advantage but a necessity. Another new technology would need to be developed and the process repeats. However, small software programs can be fully tested and understood, calling them High Assurance. High Assurance software can be the front end to larger programs. If only High Assurance software is used to communicate with other High Assurance front ends, a risk-based approached should no longer be needed. There may be other ways to eliminate the risk-based approach but I do not know of them.
Nephew graduated WP also 99 or 2000. We don’t mention names on that one though. Glad to see a lot of focus and transparency on this subject. Will be watching your progress and TY for your service.
40:43 / 45:43 pet dog walks past the desk in Petraeus home near end of this interesting video...have not seen dog in this background before... probably heading for the fire during discussion of safeguards for military AI artificial intelligence operating at machine speed, not human speed
Thank you, Dave. As always, this was yet another Amazing session with an intriguing discussion with Charlie Bell and Kelly Bissell. I couldn't agree more with what was discussed. IMO, Zero Trust (ZT) is not about any single tool or single vendor with a single platform, but rather a synergistic, well-integrated, and interoperable ecosystem with the right intersection of Security and AI to address the vivid talent and skills gap in cybersecurity hampering "the good guys" today and the foreseeable future. We need more leaders like MSFT to continue to invest, help innovate, build, and democratize an intelligence-aware, contextual, and extensible cybersecurity ecosystem as a reference architecture. One that comes with extensible and secured-by-design APIs and offers an accelerated and tangible path toward Zero Trust Security Outcome.
