« Counting What Really Counts
GRC - Why It’s of LIMITED Interest to Me »

Social Networking, Crowd Sourcing and Security

I thought I posted this a while back so my apologies. At the OWASP Conference I spoke about social networking and how it may be applied to security domain in the future.  I used the slide below.

 

image

 

In a related but unconnected event, that Friday someone of the team sent out a simple spreadsheet with a quiz on it. It was late morning on the East Coast so late on Friday afternoon for Europe, late evening for Hyderabad and most people in Redmond were sat in traffic. Here are the stats of what happened (thanks Ashish).

  • Request started at  11:07 AM EST
  • Crowd Size 70+ across multiple time zones
  • Active Listening Crowd -  probably less than 30 due to time zone differences
  • Participation from 8
  • Total Puzzles = 30
  • Unsolved Puzzles = 21
  • Total Responses = 35
  • Total time taken = 50 minutes

Many people on Deal or No Deal think that phoning a friend they trust is preferable yet you are three times more likely to get the right answer if you ask the audience.

I think that crowd sourcing, social networking and applied Web 2.0 can plan an important role in some areas of information security in the future.

Explore posts in the same categories: Cool Business, Microsoft, OWASP, Security Industry, Social Networking, Speaking

This entry was posted on June 10, 2008 at 9:46 pm and is filed under Cool Business, Microsoft, OWASP, Security Industry, Social Networking, Speaking. You can subscribe via RSS 2.0 feed to this post's comments. You can comment below, or link to this permanent URL from your own site.

3 Comments on “Social Networking, Crowd Sourcing and Security”

  1. Adam Says:
    June 11, 2008 at 1:15 am

    I think ‘ask the audience’ tends to work when the audience might have a clue, or not be mis-informed. In the security echo chamber, we’d probably be told to raise awareness and follow best practices or something. Phoning a friend with data might be a good idea, if you have such a friend. :)

    Also, following our book conversation, have you read “The Difference,” by Scott Page?

  2. rybolov Says:
    June 11, 2008 at 1:39 am

    Maybe we can use the power of crowd-sourcing to determine the age-old security question of “how much is enough?” Left to our own devices, we seem to favor overengineering solutions and it takes somebody else without a vested interest to tell us when we’ve gone a bit too far.

  3. mcurphey Says:
    June 11, 2008 at 12:52 pm

    Adam, I suspect some experiement are in order. I can think of some ideas. I’ll ping you offline after budgetting and maybe we can partner and create soe expriements in the space? I can see a great Mtricon presentation from the results!

    Added the book to my reading list. Thanks.

Comment: