Having to incorporate the term "Web 2.0" into my technocabulary was hard enough, but "Security 2.0" is just too ridiculous for me to absorb. Assigning words with numerical increments by buzzword-hungry media vultures is a disgrace to the development community.
The creators and developers (and some early adopters), of just about anything, can provide an explanation of the basic development process and product life cycle. If you do not fit into one of those categories, but are considered part of the media, then please find someone to explain this concept to you using small words. Maybe that's still asking too much.
Here are some terms, phrases and acronyms associated with early development phases: "pre-alpha", "alpha", "beta", "RC1", "RC2", "CTP", "pre-release", "unstable" and "98Me". Once product development has been completed, one might see such terms as: "production", "RTM", "master", "complete", "stable", or even "v1.0". If a product's success creates enough demand (or if sales drop and the marketing department has run out of ideas), often a product will be redesigned, reengineered, and occasionally improved. Its new release is often noted by the abbreviation "ver. 2.0" or "v2.0", indicating that it is indeed the second version. That's the simplistic and basic definition of the "2.0" appendage.
Unfortunately, when most computer geeks weren't looking, the corporate-assisted media was somehow able to slip the term "Web 2.0" past us. The countless questions I've faced due to this atrocity...
"What's the difference between Web 1.0 and 2.0?"
"Did the Internet undergo an upgrade?"
"Can I use Web 2.0 with just a dial-up connection?"
"When will they issue Web 2.0 SP1?"
"Is my site Web 2.0 compatible?"
"Can I use Web 2.1 technology?"
"Is there a release date for Web 3.0?"
...continue to haunt me.
Getting past the frustration of the miscoined Web 2.0 phrase, I've learned to play along with everyone else's accepted notion that it's like the original web, but this version goes to 11. Any recent startup or mashup, claiming to have Curled, Flexed, Ajaxed or Rubied the latest RIAs, to provide services like blog-casting or socially-tagged-map-sourcing, for a robust interactive web experience...are most likely part of the Web 2.0 movement. You can actually check any site's Web 2.0 mojo with the web2.0 validator.
However, my tolerance for misnomers and neologistic fallacies ends with "Security 2.0". Despite its first misuse in 2006, compliments of Symantec's Tom Kendra, it continues to be misquoted and misstated by people who should know better. The valuable words of Schneier, "Security is a process, not a product", are one of the simplest criticisms of Security 2.0. It's not a product, thus there are no release cycles, upgrades or version numbers.
Security is a process; one that constantly evolves and (theoretically) improves over time. As the landscape of the Internet continues to sprout new threats and exploits, security adaptively grows to counter with protection and prevention (once again, theoretically). Malware, in its many forms, rapidly spreads and infects with great speed and efficiency. It's not released incrementally in the forms of Virus 2.0, XSS 2.0 or Trojan 2.0. This is the reason why security is a process: threats are a process.
Reading current discussions, defining and touting Security 2.0, it is advertised as a new evolution in security, the new generation of security, and a new vision for comprehensive protection. The reality is that many companies have a hard enough time properly implementing basic forms of security. Philosophizing about future security trends is comically insignificant, when presently corporations still struggle for solutions to institute effective multi-layered security. Regardless of how we're faced with emerging threats, fundamentally adaptive defense-in-depth strategies will remain.
Perhaps my analysis takes the meaning of "2.0" too literally. I understand its use as a descriptive element, indicating the conceptual changes of the web as a new platform for interactive content collaboration. However, its subsequent inappropriate mass adoption by industries, and its application to processes, creates meaningless buzzwords at best. A brief search revealed PR 2.0, Publishing 2.0, Classroom 2.0, Identity 2.0, Library 2.0, Health 2.0 and a brilliant discussion of Web 2.0 2.0.
Unfortunately, individuals are already using terms like Malware 2.0. If one were truly to assign a version number to Malware, we would already be well into the realm of requiring scientific notation. While hackers constantly find new vulnerabilities to exploit, often the old-school attacks from their arsenal are just as effective. If the term Hacking 2.0 is adopted, or even suggested, by anyone, their rights to free speech should be revoked.
If hacking is about to release a major service pack or version upgrade, I'll let you know; I'm usually one of the beta testers.
Send your comments using email 2.0 to:
With 20+ years of industry experience, Noah Schiffman is a former black-hat hacker turned security consultant. Coding at an early age, he developed one of the early text/graphic editing applications and started his first software company in 1980 when he was 11 years old. With the advent of networking technologies, he soon mastered the art of manipulating telco switching systems, known as "Phone Phreaking". This soon led to his career as a computer hacker, performing penetration testing, reverse engineering, cryptographic attacks, corporate espionage, digital surveillance and other ethically questionable projects.
His clients have consisted of Fortune 500 companies and various government agencies.
He has authored a number of articles for SearchSecurity.com, on topics ranging from kernel mode and metamorphic viruses to corporate data loss prevention.
It is so funny..
Try Business Intelligence 2.0! We are on level 2 on business intelligence - high time after thousands of years doing business!
Web 2.0 really bugs me, it is now everywhere but try to get someone to explain it. Last count - I have over 50 different definitions, based on to whom and in which company you talk.
But I'm not amazed this is happening in IT - IT (marketing) has inflated everything, terms and titles. Everybody is now an architect or an administrator, maybe some misguided analyst mixed there coding and configuring? I wonder what building architects would say if they would be renamed as "account managers", as is common in IT today. Now, of course, operators are happy with an administrator title, sounds better? No more programmers, everyone is a developer or maybe a software engineer, independent of the fact that they have no engineering education?
So - we just change the documents, policies, resumes, etc - actually often easy, just add the 2.0 to any term?
no need to blame the media
Noah, I agree with you about overuse of the addendum "2.0" being ridiculous, but your anger is misplaced. Regarding your line: "If you do not fit into one of those categories, but are considered part of the media, then please find someone to explain this concept to you using small words. Maybe that's still asking too much."
There is no need to belittle the media, at least for this issue (there are other, better reasons to belittle the media). The 2.0 craze is a result of the industry hype-cycle, not the press. Symantec kicked off Security 2.0 with a conference titled, of course "Security 2.0." Even the examples you cite within your own blog posting are from vendors (Symantec and Panda Security), not the media. Let's place the blame where it belongs.
I'm now on English 2.0
Hey you know I figured we might as well wrap all of these new technobabble (oops there's an Eng 2.0 word) into its own language version.
Please see my newest ebook releases: Learning English 2.0 and Advanced English 2.0. Both only available as a podcast or pdf, of course.
Of course, when someone asks me such ridiculous questions re: Security 2.0, I can lie and say- "I'm sorry, I don't speak English 2.0".
Jeff 2.0b