It’s getting harder to tell the difference between marketing and security news.
I was alerted to this problem (at a conscious level) when a friend of mine pinged me about the recent study on a potential catastrophic failure of infrastructure in the U.S. It was right before Blackhat USA, and it was produced by a company with something to gain from the story.
Since then I’ve been Baader-Meinhof noticing this happening everywhere in my security news feeds. It’s happening so much that I immediately perform the following algorithm on any new “research” at this point.
What’s the claim being made?
Who’s the company that did the “research”?
What does that company make or sell?
Would that product or service help solve this problem?
If so, subtract 40-95% of the weight I would have assigned the findings if it had been from an impartial source.
The image above is a great example of this. There’s a security magazine saying that there’s a security problem.
Cool, sounds impartial enough. Oh, wait, it’s about:
An email filtering problem
The researcher is an email filtering company
Add to that the fact that these types of security sites / magazines are massively pay to play. So not only are they publishing “research” that’s been created and/or massaged by marketing departments, but they’re often getting paid by that vendor directly to make a product pitch.
I mean, we already knew this was happening to some degree. And it happens in any industry. But it seems particularly bad in infosec right now.
To all the marketing departments out there, find a way to avoid being so transparently opportunistic. I know it’s your job to sell your company’s services, but maybe poke some fun at the conflict of interest or something. Anything would be a great alternative to the ‘perfect key for this perfect lock’ schtick that’s passing for research these days.
And to the management of the companies that have smart people, consider letting your researchers go free range and organic. Stop turning every nugget of an idea into a perfectly cultivated marketing story from the first moment of conception.
We can tell the difference.
All you’re doing is tuning people out to pure research, and that’s a disservice to everyone.