Saturday 22 September 2012

Trillions from MAYA (see the video, buy the book)

The Trillions Video is one of the most important videos that I have seen over the last couple of years and one that gave me a nice warm feeling that I'm doing the right thing with my O2 Platform development strategy.

They have now released a book, Trillions: Thriving in the Emerging Information Ecology, which I have started to read (on iPad's Kindle), and if you want to understand what will happen next, you NEED to read it.

A key message in the video and book is that to deal with new paradigms and systems, we need completely new strategies, approaches, tools and ideas.

And that is exactly what I'm doing with O2 Platform. Instead of doing what just about every other security tools vendor is doing (i.e. trying to create a 'blackbox' solution with some customisation features on top), I'm creating an environment/platform where Scripting and Customisation are first-class citizens. In fact most of the O2 Platform is already 'scripts' and the expectation is that when facing the target application/website, the question is not 'do we really need to customise our technology/tools/approach?' but 'how fast can we customise our technology/tools/approach so that it actually represents reality?'.

It's the customisation-time-delta that matters, and of course the faster that happens, the more we (Application Security Knowledge) will scale :)

Back to Trillions, I see Application Security (and its complexity) as they see Trillions. Each node (from source-code to app's behaviour) is something that needs to be analysed, modeled, managed, controlled and (sometimes) fixed.

In fact, a business model that has yet to take hold in our industry is 'Security Tools/Technologies/APIs Customisation Services' (with clients paying for it and service companies providing it).

Btw, the MAYA company and its research are simply amazing and their focus on Design is a great inspiration (what a great place to work that must be). Check out their other videos (http://vimeo.com/mayanmaya) and research (http://www.maya.com/practices/research).

Even their name is really powerful, since MAYA means Most Advanced Yet Acceptable.

Finally, if you want to explain 'What is an API?' to a non-developer audience, point them to MAYA's latest video on Containerization (I would love to have videos like this to explain how SAST, DAST and even O2 work :) )