This week, I was having a beer with a couple of colleagues and the discussion turned to the “commoditization” of security. We all know that security is one of the hottest market spaces on the planet. Security firms are selling firewalls and IDS/IPS boxes at a breakneck pace to keep up with the growing security threats and, to be fair, the demand for these solutions is growing as well. But what happens when the supply outweighs the demand? You look for new things to commoditize!
- Do I trust this community? – You have to TRUST those with whom you are sharing your most sensitive vulnerability data. Do you know the identities of the other contributors? If you don’t trust that your information will remain private, you won’t use the community or get the most out of your investment.
- Can I count on this community when I need them most? – In a time of crisis, when your Incident Response Team is fully engaged, can you lean on someone for help? Do you have a lifeline that will help you or find the resources that can?
- Is the information vetted? – Make sure the information you’re receiving from the community is vetted. If the information you’re receiving is invalid or inaccurate, you’re going to waste a lot of time going back and fixing things you shouldn’t have to.
- Is the community moderated? – Or is it a free-for-all? Moderation is important. An unmoderated community is a time killer. No one wants to sift through pages of chatter to get to actionable information.
- Is there any context to the information I’m receiving? – Is the information you’re consuming in a context you understand? No one wants to take action without understanding why that action is important.
- Cost? – You get what you pay for. If you opt for a no-cost community, you may not get quality information, or you may get too much data. If you opt for the most expensive, you may see high turnover of membership or little return on investment.