Dear Sen. Rockefeller,
I am a cyber expert. I invented a key technology known as "IPS" that is a standard part of network defense. I invented hacking techniques like "sidejacking" that are a standard part of network offense. I am a coder who has written a million lines of production code. I am a "pentester" who has performed simulated attacks that confirm your worst nightmares about power-grid blackouts and financial meltdowns.
Your letter [*] was naïve. There is no such thing as "best" practice, because there is no such thing as "adequate" practice. The Fortune 500 has not figured out how to stop Chinese hackers from breaking into web browsers, or how to separate code from data injected into websites, or how to stop an inadvertent connection between a secured and unsecured network. This has allowed me to hack (in tests) into Fortune 500 companies, even those that follow the very best of "best practice".
» Robert David Graham | erratasec.blogspot.com