Innovation in the cyber industry is dead. This is something we’ve spoken about before on the Forensic Focus podcast, you can listen here or from any place you get your favourite podcasts.
This has been equated to we’re simply just waiting for the Cellebrites of the world to crack the newest iPhone so that policing forensics can get into bad people’s phones.
Some thought around this is that the industry is buying up all of the talent and keeping it in-house so that the wider public doesn’t get to benefit. While I think this is true I also think part of it is a necessity due to the high research costs.
While this is a convenient outlook on the current state of the industry I don’t think it’s the whole picture. I think we all suffer from confirmation bias/echo chamber in which we see and hear what we are accustomed to. This has shifted from the days of we didn’t have access to enough information to see more of the options to today’s issue of we have access to too much and we’re getting lazier at looking into new options.
I want to present two other explanations of why we might feel this way and a counterpoint to it as well.
- Research is thriving and coming out with novel ideas and even POC all the time. However, it is generally paywalled behind university research paper websites. Plus, when it is a good idea unless the researcher(s) who made it can make a living then if it doesn’t gain community support or is picked up by industry and also paywalled then it becomes a dead project on GitHub pretty quickly.
B. There are innovation projects that are growing that still remain open-sourced or at least semi-open-sourced. Velociraptor is one that springs to mind, with the financing model of Rapid7 behind it at least from what I understand comes from both the training offered and the enterprise incident response services.
Both of these points I think come back to us as a community supporting the individuals whom we think the projects have merit and use because if we don’t they’ll either die or get bought out.
How do I think we can help? Mostly just from feedback as a start and as an extension maybe if you find a bug in a project try and fix it and push the change to the repository. Humans are mostly communal if not minimally egotistical so most feedback will have a positive effect on keeping things alive.
I would love to hear what you think about the above and see if there are other insights into the “innovation is dead” concept.