The RSA Conference is one of the big IT Security events. In fact, I knew IT Security was big business in the 90’s when IBM was sponsoring huge parties with multiple bands, buffets, ice sculptures, … I didn’t attend the RSA Conference last week, but a couple of items from the press coverage caught my attention.

• Core Impact researchers predict that third-party vulnerabilities may affect users more than Vista vulnerabilities. Not a bad bet since most companies are not putting the resources into security during the software development life cycle that Microsoft is. Eeye doesn’t necessarily disagree, but they already have a Vista vulnerability (actually only affects Vista, not XP).
• The Cryptographer’s Panel seems to be getting a bit long in the tooth. Diffie, Rivest, Hellman and Shamir all did groundbreaking work and deserve fame and fortune, but where is the new blood on the panel? How about someone from the team doing the interesting cryptanalysis of secure hashs?
• Unrelated to the conference - I found the Vulnerability Note on Trend Micro anti-virus interesting. Software designed to protect ends up putting virtually every system on your network at risk. Similar to the discussion on the risks of agents.