RSA: Fight attackers by making software revisions so quickly, exploits could be evaded

The future of software security may be revisions so frequent that attackers don’t have time to figure out where the vulnerabilities are before the potential attack surface has morphed into something else, RSA Conference 2015 attendees were told by the CISO of an investment non-profit that funds companies built on technology developed for the CIA.

Perhaps network defenders need to take advantage of what University of Pennsylvania researchers call the honeymoon effect, where new software goes unmolested for a period after it is issued while adversaries analyze it for flaws, says Dan Geer, CISO of In-Q-Tel. With enough revisions, software is never in place long enough to fall prey to exploits, he says.

Network World Tim Greene