Jan 18 2008
It’s a legitimate question to ask if “The New Face of CyberCrime” is a documentary on the state of security or just a marketing piece for Fortify. They could have easily made a 20-minute movie that was all about Fortify, but they didn’t. The movie was a short, straight forward look at some of the issues facing internet users today regarding the security of the Internet. There are bad people out there and they’re becoming more organized in their efforts to get your data. It was meant to mildly shock the members of your board room or a class you might be teaching, without sending too strident of a message. Fortify hit their goal of making a movie that could be used to educate end users who aren’t that familiar with the Internet.
There were two things that disappointed me about the film though. The first was that there was nothing in the film that the audience hadn’t seen or read before. Much of the film was like reading an article from any one of the half dozen glossy security magazines that come out on a monthly basis. They rehashed many of the same subjects we’ve seen before, with many of the people we’ve all read before. There were a lot of people in the audience who would have like to see something that added to the body of knowledge, not just rehash what we know. In the director’s defense, they we weren’t his target audience. He was aiming for people who were like himself and barely understood computers.
The second thing I thought the film was lacking was a call to action. There was enough information in the movie to scare some people, but there was no “now go do this…” in the movie. There was a slight bias towards securing the applications, but nothing you’d notice if you weren’t in a theater surrounded by Fortify staff. But there was no suggestion of something to do about it, no suggestions of where to look for further information. If the film works and there’s an emotional charge worked up by viewing the film, you want to give people something to do with that energy. But I guess that’s for the person presenting after the film to take control of. The director says they thought of that, but that any call to action would have made The New Face of CyberCrime into a marketing piece and he may be right.
I went into The New Face of CyberCrime expecting to see something new and interesting; instead I saw Rsnake pointing to a screen while saying “Cross site scripting” a number of times and a good view of Marcus Ranum’s backyard. It wasn’t what I was hoping for, I would have liked to have heard some of the deeper conversations that went around the sound bites. But I think the movie was what Fortify and the director were hoping for. The New Face of Cybercrime would make a good brown bag lunch movie, something where you lead a conversation afterwards and educate your users. As far as using it in the board room though, I’m not too sure I’ve ever worked in a company where I could get the board to listen to me for 20 minutes, let alone watch a movie that long.