{"guid":"4bff9cb3-9e91-4305-9029-f4d9053c7b5c","title":"In Search of Evidence-Based IT-Security","subtitle":"IT security is largely a science-free field. This needs to change.","slug":"33c3-8169-in_search_of_evidence-based_it-security","link":"https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8169.html","description":"Applied IT security is largely a science-free field. The IT-Security industry is selling a range of products with often very questionable and sometimes outright ridiculous claims. Yet it's widely accepted practice among users and companies that protection with security appliances, antivirus products and firewalls is a necessity. There are no rigorous scientific studies that try to evaluate the effectiveness of most security products or strategies. Evidence-based IT security could provide a way out of the security nihilism that's often dominating the debate – however it doesn't exist yet.","original_language":"eng","persons":["hanno"],"tags":["Science"],"view_count":2319,"promoted":false,"date":"2016-12-28T13:45:00.000+01:00","release_date":"2016-12-28T01:00:00.000+01:00","updated_at":"2026-03-18T13:45:08.084+01:00","length":1854,"duration":1854,"thumb_url":"https://static.media.ccc.de/media/congress/2016/8169-hd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2016/8169-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2016/4bff9cb3-9e91-4305-9029-f4d9053c7b5c-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2016/4bff9cb3-9e91-4305-9029-f4d9053c7b5c-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/33c3-8169-in_search_of_evidence-based_it-security","url":"https://api.media.ccc.de/public/events/4bff9cb3-9e91-4305-9029-f4d9053c7b5c","conference_title":"33C3: works for me","conference_url":"https://api.media.ccc.de/public/conferences/33c3","related":[{"event_id":3636,"event_guid":"a1a52c4c-8233-403b-8f04-db981df016c1","weight":30},{"event_id":3648,"event_guid":"8aaa55ad-b426-4d7a-8d46-f4b34a906eda","weight":33},{"event_id":3650,"event_guid":"ff044b6a-d567-4309-b9a8-ec9384b16a27","weight":36},{"event_id":3652,"event_guid":"60b52369-b0ee-455f-904a-4dfef49596eb","weight":61},{"event_id":3654,"event_guid":"ac80424a-f4dc-431d-95f3-3f85664ba2dc","weight":31},{"event_id":3656,"event_guid":"1a6657a2-b6c2-4acc-b8fc-5ec081c0877f","weight":67},{"event_id":3658,"event_guid":"10b11771-c76f-44d5-9b65-9ebca428d8ff","weight":53},{"event_id":3660,"event_guid":"69ce21df-4bf5-43ce-a500-ac7707ee64b7","weight":29},{"event_id":3662,"event_guid":"8c32309e-7136-4899-8ee4-1558e63ad137","weight":30},{"event_id":3663,"event_guid":"56b62043-b92d-4b32-b5d0-b78d8fbcbb24","weight":38},{"event_id":3669,"event_guid":"7ef9172a-e2c7-4e78-9316-08449bd582c6","weight":32},{"event_id":3671,"event_guid":"4ef69e6a-026f-4b30-888d-af654b220a3d","weight":39},{"event_id":3676,"event_guid":"f6811c99-96af-44d5-b82d-5afe826b2caf","weight":28},{"event_id":3689,"event_guid":"1f7eb981-2819-4824-8f40-4ddde0be7bf3","weight":40},{"event_id":3690,"event_guid":"8d0aed87-2484-4880-ae08-2dc3c7898959","weight":32},{"event_id":3734,"event_guid":"34ea8f1f-9fad-41aa-8424-e833f10e5e8b","weight":38}],"recordings":[{"size":null,"length":null,"mime_type":"application/x-subrip","language":"eng","filename":"DRAFT_33c3-8169-eng-deu-fra-In_Search_of_Evidence-Based_IT-Security.en_DRAFT.srt","state":"todo","folder":"","high_quality":true,"width":null,"height":null,"updated_at":"2022-01-15T16:52:21.595+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/DRAFT_33c3-8169-eng-deu-fra-In_Search_of_Evidence-Based_IT-Security.en_DRAFT.srt","url":"https://api.media.ccc.de/public/recordings/50286","event_url":"https://api.media.ccc.de/public/events/4bff9cb3-9e91-4305-9029-f4d9053c7b5c","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":195,"length":1854,"mime_type":"video/mp4","language":"eng","filename":"33c3-8169-eng-In_Search_of_Evidence-Based_IT-Security.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2016-12-28T16:13:09.870+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/h264-hd/33c3-8169-eng-In_Search_of_Evidence-Based_IT-Security.mp4","url":"https://api.media.ccc.de/public/recordings/13861","event_url":"https://api.media.ccc.de/public/events/4bff9cb3-9e91-4305-9029-f4d9053c7b5c","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":215,"length":1854,"mime_type":"video/mp4","language":"deu","filename":"33c3-8169-deu-In_Search_of_Evidence-Based_IT-Security.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2016-12-28T16:13:19.532+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/h264-hd/33c3-8169-deu-In_Search_of_Evidence-Based_IT-Security.mp4","url":"https://api.media.ccc.de/public/recordings/13862","event_url":"https://api.media.ccc.de/public/events/4bff9cb3-9e91-4305-9029-f4d9053c7b5c","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":215,"length":1854,"mime_type":"video/mp4","language":"fra","filename":"33c3-8169-fra-In_Search_of_Evidence-Based_IT-Security.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2016-12-28T16:13:29.785+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/h264-hd/33c3-8169-fra-In_Search_of_Evidence-Based_IT-Security.mp4","url":"https://api.media.ccc.de/public/recordings/13863","event_url":"https://api.media.ccc.de/public/events/4bff9cb3-9e91-4305-9029-f4d9053c7b5c","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":323,"length":1854,"mime_type":"video/mp4","language":"eng-deu-fra","filename":"33c3-8169-eng-deu-fra-In_Search_of_Evidence-Based_IT-Security_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2016-12-28T16:13:42.855+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/h264-hd/33c3-8169-eng-deu-fra-In_Search_of_Evidence-Based_IT-Security_hd.mp4","url":"https://api.media.ccc.de/public/recordings/13864","event_url":"https://api.media.ccc.de/public/events/4bff9cb3-9e91-4305-9029-f4d9053c7b5c","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":28,"length":1841,"mime_type":"audio/mpeg","language":"eng","filename":"33c3-8169-eng-In_Search_of_Evidence-Based_IT-Security.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2016-12-28T18:19:26.328+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/mp3/33c3-8169-eng-In_Search_of_Evidence-Based_IT-Security.mp3","url":"https://api.media.ccc.de/public/recordings/13943","event_url":"https://api.media.ccc.de/public/events/4bff9cb3-9e91-4305-9029-f4d9053c7b5c","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":24,"length":1841,"mime_type":"audio/opus","language":"eng","filename":"33c3-8169-eng-In_Search_of_Evidence-Based_IT-Security.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2016-12-28T18:20:10.671+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/opus/33c3-8169-eng-In_Search_of_Evidence-Based_IT-Security.opus","url":"https://api.media.ccc.de/public/recordings/13944","event_url":"https://api.media.ccc.de/public/events/4bff9cb3-9e91-4305-9029-f4d9053c7b5c","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":117,"length":1854,"mime_type":"video/mp4","language":"eng-deu-fra","filename":"33c3-8169-eng-deu-fra-In_Search_of_Evidence-Based_IT-Security_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2016-12-28T18:20:38.023+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/h264-sd/33c3-8169-eng-deu-fra-In_Search_of_Evidence-Based_IT-Security_sd.mp4","url":"https://api.media.ccc.de/public/recordings/13945","event_url":"https://api.media.ccc.de/public/events/4bff9cb3-9e91-4305-9029-f4d9053c7b5c","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":225,"length":1854,"mime_type":"video/webm","language":"eng-deu-fra","filename":"33c3-8169-eng-deu-fra-In_Search_of_Evidence-Based_IT-Security_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2016-12-28T18:21:09.543+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/webm-hd/33c3-8169-eng-deu-fra-In_Search_of_Evidence-Based_IT-Security_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/13946","event_url":"https://api.media.ccc.de/public/events/4bff9cb3-9e91-4305-9029-f4d9053c7b5c","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":109,"length":1854,"mime_type":"video/webm","language":"eng-deu-fra","filename":"33c3-8169-eng-deu-fra-In_Search_of_Evidence-Based_IT-Security_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2016-12-28T18:21:58.148+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/webm-sd/33c3-8169-eng-deu-fra-In_Search_of_Evidence-Based_IT-Security_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/13947","event_url":"https://api.media.ccc.de/public/events/4bff9cb3-9e91-4305-9029-f4d9053c7b5c","conference_url":"https://api.media.ccc.de/public/conferences/33c3"}]}