Top 10 hot topics at RSA 2010

RSA 2010

It's been a long week but RSA 2010 is now officially over. The chairs in the auditorium have been stacked, the expo is being torn down and delegates are disappearing home for another year.

All in all it's been a fascinating show. The quality of keynote speakers was very high, with only a few boring rants, and people have been knowledgeable and willing to share. There have been spirited debates, in-depth seminars and, I'm willing to bet, more than a few inappropriate clinches at last night's Codebreakers Bash in City Hall.

You can find all the stories in our RSA 2010 Special Report but for the record here's our pick of the top talking points of the show. Any attendees might wish to add their views below.

Honourable Mention: Robots
Iain Thomson: I wasn't expecting to get a story from this presentation, but who can resist robots? As it turns out the talk was really rather interesting.

Dr Singer from the Brookings Institution was inspirational about the future of robotics and the questions that it raised. From a security standpoint it's clear that a lot more of our physical security systems are going to be robotic in the future, but what really grabbed my attention was the ethics of using such technology.

It's pretty much a given that we're going to see the friendly building security guard replaced by a mechanical equivalent. However, how far are we going to let such machines be capable of independent action? That's the question that keeps me up at night.

Shaun Nichols: Pretty much all men love robots, especially robots with guns. Yes, they may be unstable and highly dangerous, but they're still really cool.

That said, I'd rather not see a robot guarding anything until researchers can at least ensure that the thing won't suffer a system error and start unloading into crowds of people.

The Singer keynote provided an interesting outlook on the long-term future of robotics and a nice dose of reality on where the field actually is.

Honourable Mention: Blacklisting and whitelisting
Shaun Nichols: How bad has malware got? Well, now instead of creating tools to filter out all the software you're not supposed to use (blacklisting) companies are pitching tools that only allow software that is safe to use (whitelisting).

Actually, whitelisting has been around for a while and is a pretty good way to increase security and productivity. Many of the latest tools will scope out the network, make a profile and then make sure that no changes from that 'clean' state can be made.

The appliances can also control who has access to what files and applications. A sizeable proportion of data breaches stem from error or malice by someone within the company, and whitelisting controls can help to contain the damage.

Iain Thomson: Based on what we've learned from the show, the idea of just going with whitelisting or blacklisting isn't the answer. We need to meld these two systems together.

The problem is how to do this in an effective way. Whitelisting can be useful but takes a lot of time, while blacklisting can have unfortunate problems with false positives and can harm productivity. When our IT department shut off access to Facebook and Twitter we had to protest, since we get a fair few stories from those sites.

The combination approach has a lot to offer but the devil is in the details. We'll have to see what the security industry comes up with.