“End to End Trust” - funky name for what?
It will be interesting to follow the response to this on the net:
http://www.microsoft.com/mscorp/twc/endtoendtrust/default.mspx
Home | Beast Or Buddha | Daily Security News | Industry Specialists Talk | Beast Hot Jobs | Contact | Blog Directory | Forums
3 Responses to ““End to End Trust” - funky name for what?”
Leave a Reply
- The ramblings in the Beast or Buddha IT Security blog are predominantly focused around IT Security topics. They are just my own takes on the industry and comments from industry peers. I don't profess to being able to solve the world's problems but happy to open myself up to criticisms and debate.
Most Read Posts
- The 7 Reasons Why Businesses are Insecure!
- PCI DSS Compliance Projects - The road to nowhere….
- The CIO Sticking Point - Time to Get them out of the Reporting Line
- Talking with David Rice; insecure software implications, regulation, vendors, making change and other things….
- Managing Security Effectively in the Enterprise
- Have we made any real and measurable progress in 2008?
- So we own your client database and everything important to you…
- Internet Censorship - Which Country is Next?
April 11th, 2008 at 11:33 am
Whats “End to End Trust”, you ask ?
For starters, the use of this foul tech marketing jargon is a great way to get your enterprise sued.
SAP is being sued for failing to deliver an “out-of-the-box integrated end-to-end solution that increases…effectiveness”
And it could cost them $100 million USD.
To this, I ungraciously say to SAP, “sucked in”.
Microsoft & other like-minded vendors take note. Your BS will not be tolerated.
http://blogs.wsj.com/biztech/2008/03/27/sap-sued-over-tech-jargon/
BG
April 11th, 2008 at 11:47 am
BIG smile….. excuse some of the links.. short posts already on this topic!
Erm, transitive trust, whether from the macro organisational layer, host to host, API to API, function to function, memory etc… node(person2device)2->network->2node(2device2person)
org(node2node)->network->2org(2node2node)
http://bsdosx.blogspot.com/2007/05/infosec-whats-fuss.html
Most of the time we all forget the major ‘transitive trust’ issue around people and identity:
http://bsdosx.blogspot.com/2007/06/symbiosis.html
Kim Cameron… fair play.
Albeit vendor says ‘trust me’… From the company who brought you… do you trust monocultures?
Question: How can market forces and/or regulation drive secure code, do I trust your code, it’s far too complex and abstract? Do I trust someone else to certify the trust in your code? We are seeing increased economic incentive for secure code/services, but also increased incentive for sentient attackers to defeat “secure” code as nodes/services are resources that can facilitate financial gain or feed the global power game via intelligence.
My answer is “time based” and at some point you have to trust someone or something. Assume human/machine compromise, now what’s the best you can hope for.
Cisco Trust Agent 2.0 and NAC ( erm’ what was wrong with 1.0 ?) http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps5923/product_data_sheet0900aecd80119868.html
May 19th, 2008 at 9:15 pm
[...] Charney’s “Enabling End to End Trust” keynote given recent discussions about his paper since it’s release. Scott: Impressive background, impressive presenting skills, but gees, if [...]