It's day two of AusCERT's annual security conference, so Patrick Gray took some time out to reflect on day one...
The conference was opened by a surprisingly engaging keynote [mp3] by Microsoft's Trustworthy Computing head Scott Charney, who outlined the company's vision for end-to-end trust. Microsoft is being remarkably frank about what isn't working in its fight against badness. Despite all the company's investments to date, it's prepared to admit the Internet is still a bad neighbourhood.
Another interesting presentation was Richard Perlotto's talk [mp3] on malware collection and analysis. In addition to working for Cisco, Perlotto is with the Shadowserver Foundation -- a volunteer-run organisation designed to track malware, botnet activity and electronic fraud.
By far the standout of the day, however, was the presentation by former NSA technical director Brian Snow [mp3]. His unusual delivery style, combined with his lateral thinking, meant his talk was food for thought. The basic premise of his argument is that time-to-market and other commercial pressures on software manufacturers mean quality, reliability and security are sacrificed. He first joined "the agency" in 1971, and has only recently made the transition to the outside world. Hearing the perspective of a man who's been kept out of the limelight for so long got attendees talking.