Total transparency in security matters works about as well as it would for law enforcement: fine for tactical concerns, but not so great for long-term strategic concerns.

-David Barak

IMHO, I think you have it backwards. I see strategic discussions (like
new crypto algorithms, technologies, initiatives, etc) should be open to
public debate, review, and scrutiny. But operational/tactical discussions
(like new malware, software exploits, virus infected hosts, botnets, etc)
don't need public review. Rather, those types of communications should be
streamlined in a way that would allow for quick resolution.

Reductio ad absurdum: The police don't usually phone ahead to a suspect and say
"We're planning to stop by around 4PM and execute a search warrant, so please
don't destroy any evidence before then, ktxbai"

Fair point - I was using "strategic" in the law enforcement sense, with things like "long-term undercover investigation" in mind, but your point is well taken. I think we agree that some things benefit from increased transparency and other things don't.

David Barak