Web 2.0, Security 2.0 and Hacking 2.0

Having to incorporate the term "Web 2.0" into my technocabulary was hard enough, but "Security 2.0" is just too ridiculous for me to absorb. Assigning words with numerical increments by buzzword-hungry media vultures is a disgrace to the development community.

The creators and developers (and some early adopters), of just about anything, can provide an explanation of the basic development process and product life cycle.  If you do not fit into one of those categories, but are considered part of the media, then please find someone to explain this concept to you using small words.  Maybe that's still asking too much.

Here are some terms, phrases and acronyms associated with early development phases: "pre-alpha", "alpha", "beta", "RC1", "RC2", "CTP", "pre-release", "unstable" and "98Me".  Once product development has been completed, one might see such terms as: "production", "RTM", "master", "complete", "stable", or even "v1.0".  If a product's success creates enough demand (or if sales drop and the marketing department has run out of ideas), often a product will be redesigned, reengineered, and occasionally improved.  Its new release is often noted by the abbreviation "ver. 2.0" or "v2.0", indicating that it is indeed the second version.  That's the simplistic and basic definition of the "2.0" appendage.

Unfortunately, when most computer geeks weren't looking, the corporate-assisted media was somehow able to slip the term "Web 2.0" past us. The countless questions I've faced due to this atrocity...

"What's the difference between Web 1.0 and 2.0?"

"Did the Internet undergo an upgrade?"

"Can I use Web 2.0 with just a dial-up connection?"

 "When will they issue Web 2.0 SP1?"

"Is my site Web 2.0 compatible?"

"Can I use Web 2.1 technology?"

"Is there a release date for Web 3.0?"

...continue to haunt me.

Getting past the frustration of the miscoined Web 2.0 phrase, I've learned to play along with everyone else's accepted notion that it's like the original web, but this version goes to 11. Any recent startup or mashup, claiming to have Curled, Flexed, Ajaxed or Rubied the latest RIAs, to provide services like blog-casting or socially-tagged-map-sourcing, for a robust interactive web experience... is most likely part of the Web 2.0 movement. You can actually check any site's Web 2.0 mojo with the web2.0 validator.

However, my tolerance for misnomers and neologistic fallacies ends with "Security 2.0".  Despite its first misuse in 2006, compliments of Symantec's Tom Kendra, it continues to be misquoted and misstated by people who should know better.   The valuable words of Schneier, "Security is a process, not a product", are one of the simplest criticisms of Security 2.0.   It's not a product, thus there are no release cycles, upgrades or version numbers.

Security is a process, one that constantly evolves and (theoretically) improves over time. As the landscape of the Internet continues to sprout new threats and exploits, security adaptively grows to counter with protection and prevention (once again, theoretically). Malware, in its many forms, rapidly spreads and infects with great speed and efficiency. It's not released incrementally in the forms of Virus 2.0, XSS 2.0 or Trojan 2.0. This is the reason why security is a process: threats are a process.

Current discussions defining and touting Security 2.0 advertise it as a new evolution in security, the new generation of security, and a new vision for comprehensive protection. The reality is that many companies have a hard enough time properly implementing basic forms of security. Philosophizing about future security trends is comically insignificant when corporations still struggle for solutions to institute effective multi-layered security. Regardless of how we're faced with emerging threats, fundamentally adaptive defense-in-depth strategies will remain.

Perhaps my analysis takes the meaning of "2.0" too literally. I understand its use as a descriptive element, indicating the conceptual changes of the web as a new platform for interactive content collaboration. However, its subsequent inappropriate mass adoption by industries and application to processes creates meaningless buzzwords at best. A brief search revealed PR 2.0, Publishing 2.0, Classroom 2.0, Identity 2.0, Library 2.0, Health 2.0 and a brilliant discussion of Web 2.0 2.0.

Unfortunately, individuals are already using terms like Malware 2.0.  If one were truly to assign a version number to Malware, we would already be well into the realm of requiring scientific notation.  While hackers constantly find new vulnerabilities to exploit, often the old-school attacks from their arsenal are just as effective.  If the term Hacking 2.0 is adopted, or even suggested, by anyone, their rights to free speech should be revoked. 

If hacking is about to release a major service pack or version upgrade, I'll let you know; I'm usually one of the beta testers.

Send your comments using email 2.0 to: greyhat@computer.org


Copyright © 2008 IDG Communications, Inc.
