Editor's Blog: Live from InfoSec

silicon.com editor-at-large Will Sturgeon is blogging from the InfoSecurity show at London Olympia.

The InfoSec show has come around again so quickly. I last attended in 2005 and yet it still seems no time at all since I was last here, struggling to find those people I do want to speak to while stealthily or occasionally blatantly avoiding those I don't.

Trade shows are largely regarded as one of those 'love to hate', 'it goes with the job' kind of chores for all attendees - from exhibitors to potential customers to journalists. The list of companies conspicuous by their absence this year includes CA, Cisco and Trend Micro among others. CA of course is having its own shindig in Las Vegas this week which silicon.com news editor Steve Ranger is covering.

Microsoft however, is very much conspicuous by its presence here at Olympia, keenly promoting its security credentials - which are at least a little more credible post-Vista - while drawing fire in equal measure from critics of its heritage of insecurity.

Delivering the first keynote of the day, Lord Broers, chair of the House of Lords science and technology committee, singled out Microsoft's use of pop-ups to warn end-users of potential security threats. He accused the vendor of wording them in such a way as to breed a culture of confusion in which users will typically permit anything.

Broers said: "Microsoft gives warning signs that nobody understands. Warning messages are not much use to anybody."

The ongoing debate around usability, flexibility and security is likely to rage this week, especially as mobility becomes an issue of greater importance.

Broers also hinted at the hype that shows such as this are usually surrounded by and which, at times, has detracted from the credibility of the security industry.

He talked of Symantec, the biggest name in the security world, and suggested such a company "arguably has good reason to exaggerate the problems".

Refreshing then to hear the first vendor I spoke to this morning, Citrix, offer measured words of maturity.

Fraser Kyne, business development manager at Citrix, said: "There is a tendency to jump up and down and be exciting but with security you have to be pragmatic."

And with greater pragmatism comes risk assessment rather than fire-fighting and a frantic attempt to address security in a binary 'threat' or 'no threat' manner. Hopefully this more business-focused approach will be a theme for the people I speak to this week.

One of the benefits of larger vendors choosing to step out of the InfoSec madness is more breathing space for start-ups looking for the oxygen of publicity. Already I've chatted to a company called DriveSentry whose approach is to create 'white lists' and 'black lists' of which applications should be able to write to your hard disk. The creation of the white lists relies upon the community of users and their own experiences of which apps belong on which side of the fence - elevating the role of the user in creating a secure environment.

Given that emphasis on end-user engagement, I bet it won't be long before I hear the phrase 'security 2.0' (so remember where you heard it first).

DriveSentry is just 990,000 users short of its one million user target which it believes it needs in order to create a fully effective database for 'white listing' and blacklisting. For now a smaller database creates problems of false positives - and rekindles the debate about usability and security.

The product is free to use or try. The end game for such benevolence is to rent out the database to third parties - such as antivirus vendors - which are looking to add a further layer of security to their own offering. However I suspect being bought lock, stock and million-user barrel could also be an option in a hugely acquisitive industry.

I'll be bringing more news and updates from the show but will sign off now by suggesting the organisers might like to think about switching off the live feeds from the keynote theatre while it's not in use. I'm currently sat listening to a sound check.

"You're a beautiful, beautiful person Steven. You're a master at work," says one soundman to the other, after tiring of the more usual 'one, two, one, two'.

So not everybody finds being here such a chore.