> Schneier is a so-called expert who has testified in front of congress
Schneier has been around for a long time, knows the industry well and has made significant contributions. Not everyone gets things right all the time, including Schneier.
Credibility-wise, he...
- has a master's degree in computer science
- was awarded an honorary Ph.D. from the University of Westminster in London
- is chief technology officer of BT Managed Security Solutions
15 publications, 6 notable books:
- Applied Cryptography
- Cryptography Engineering
- Secrets and Lies: Digital Security in a Networked World
- Beyond Fear: Thinking Sensibly About Security in an Uncertain World
- Liars and Outliers: Enabling the Trust that Society Needs to Thrive
- Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World
Unfortunately, Schneier is not a security expert, just a layman. He's a mathematician who somehow believes he's qualified to talk about a wide range of security topics. He's not.
Good point about Schneier, although with a caveat: he's actually an expert in cryptography, and he has opinions about more generalized subjects in security. Quite often he's right, but I don't consider him to be an actual "security expert" in any general sense. I don't think it's actually possible; "security" is a blanket term.
Bruce is dead-on right in this case. Fighting the previous war won't prevent the next one.
Yes. Schneier is the Seth Godin of IT security; it's a self-marketroid personality cult. I have to admit I usually agree with his positions, but more often than not I don't like his reasoning. Also, he tends to talk about things out of his sphere of knowledge.
Bruce Schneier is well documented to equate failing to disclose vulnerabilities with making systems less secure, or as he put it in this interview, less safe:
To his credit, he was talking about weakening encryption standards, but then elaborated that simply looking for security vulnerabilities and not telling anyone what they found was also doing that. I find that latter position ridiculous. It would be like saying studying malaria and not reporting your findings makes people less healthy.
Bruce Schneier does have vast expertise when it comes to security/encryption, and the fact that he is formulating his conclusions in a way that they can be consumed by the general public is something that is commendable and makes him way more dangerous for the NSA. Which is one of the reasons why he gets attacked for it, I guess.
That security systems are designed in the most paranoid fashion possible doesn't tell you anything about the real nature of the threat. Schneier's book doesn't tell you that the NSA has been strong arming corporations into giving up their private keys and into installing backdoors on chips.