06 Mar 2010
2. There is no security
Iain Thomson: Early on in the show I did a story about how the anti-virus industry is failing to pick up 10 to 30 per cent of malware attacks.
That evening I was at a meet-and-greet session with one of the biggest anti-virus vendors and was talking about this to the firm's chief technical officer, a marvelously outspoken chap - the kind we hacks love.
I was expecting an angry denial and the reasons why. Instead he looked thoughtful for a second and said: "Yes, that's fair enough. Signature based anti-virus is failing, and heuristics too."
Considering that I used to have this company's security software on my own home system it was a tad unsettling to hear this, but the other security professionals I spoke to this week had roughly the same response. While any sane person knows there's no such thing as absolute security, I'd expected people to be a little more confident that the products they were selling could stop attacks on a regular basis.
Now, I don't want to get alarmist about it, but this is going to be a serious problem. In the short term you could try using platforms that are seldom attacked, such as Apple or Linux. But, for at least the next decade, if you work in an office chances are you will be using a Windows system, and you'll be vulnerable.
Shaun Nichols: During a panel discussion at the show, famous security researcher Dan Kaminsky said: "Sometimes there are big problems that we've dealt with, and that's OK."
What's not OK is when big security problems are not dealt with, and we saw a lot of that this year. Everything from SSL certification to the basic security concepts of next-generation enterprise services was called into question, and the answers were few and far between.
Fortunately, some of the smartest people on the planet are looking for ways to solve the issue. I have no doubt that some very solid solutions will be found, but in the meantime the enterprise community is less than enthused with current security protections. Which brings us to our number one issue ...
1. Trust
Shaun Nichols: If you followed all the RSA keynotes, you would see that the one theme that popped up in nearly every address was 'trust'. The onslaught of malware and other forms of attack has caused many companies to lose faith in their security protection, and has left security vendors red-faced.
It's also perhaps the most troubling question to come out of the RSA conference this year. Technical issues can be addressed by faster and more accurate products. Performance problems can be solved by better research and retooled software.
Trust, however, is difficult to quantify and even harder to earn, especially when it has been lost before. A company can overcome buggy releases or a bad financial quarter, but it's much worse when users have more or less lost faith in your entire sector.
Cloud computing uptake has stalled recently, in no small part because of security concerns. If not addressed, those concerns could bring the downfall of some pretty big names.
Iain Thomson: In so much of life, trust is everything, and never more so than in security. Your last point is a good one, Shaun. We are seeing a lack of trust in security holding back the adoption of cloud services, but I fear we may have bigger problems than that.
To my mind the entire banking sector has an enormous trust issue hanging over it. We're already seeing people stopping online banking for fear of fraud and the rot will continue until the sector addresses those concerns.
However, there is also the wider issue of trust on the internet. The basic protocols of the internet were not designed with security in mind. The whole point was that connections should be simple and reliable.
I fear that we may have to go back to the drawing board on internet protocols in order to trust that connections are going to the right people.
Clarification on Whitelisting
Whitelisting would not prevent you from going to Facebook, Twitter, etc. That's web filtering technology that does that. Application Whitelisting would prevent the Operation Aurora Trojan or the Zeus malware from executing on your machine. There are some old rumors about the technology that crop up because it is a new technology. In January, SC Magazine wrote a good article on the technology called "The White Knight" and quoted some Fortune 500 companies that are using it successfully.
Posted by: KD 08 Mar 2010