A very thoughtful piece from Dan Kaminsky on how we got into this mess. I definitely agree with him that we need to better manage the components of critical infrastructure. We've actually seen something like this before -- does anybody remember the work that the University of Oulu did exposing serious vulnerabilities in nearly every protocol stack using ASN.1?
About Andy Sherman
Andy Sherman, Eden Technologies’ security practice lead, has a PhD in physics from Rensselaer Polytechnic Institute and started his career in the academic world. He then went to AT&T Bell Laboratories, where he discovered the power – and hazards – of large distributed computer networks. It was also at Bell Labs, during the early days of the Internet, that Andy became interested in the security problems associated with public networks. From Bell Labs, Andy moved to the financial services industry. There he worked on a wide range of infrastructure design, deployment, and management projects, but he is best known for his 15+ years in information and technology security.