Arbor Networks: Security to the Core

RSS has been a boon to me for tracking the hundreds of sources I monitor for security information. These include blogs, news sites, vendor sites and security information clearing houses, all of which publish information via RSS. Using an RSS aggregator, I can consume this and build up a local database of information.

If you do not know what RSS is, here is a quick rundown. It is nothing more than a common XML format to describe the content on the website as it changes over time. Specifically suited to small units of information, like a blog post, a news article or a security advisory, they provide an RSS consumer with the information needed to get an overview of the new content. Typically, an RSS aggregator is an application that looks like your e-mail reader. New items come in from the sites you watch, are highlighted by the application, and you can read them. Want to read more? You can follow a link. All done; no problem; just go on to the next items.

The benefit here is obvious: you can read hundreds of articles from hundreds of sites quickly and easily, without having to visit all of those sites. Now, instead of checking them periodically, the application tells the host to do what it is good at and automatically poll for new content.

Because our industry has such a flurry of information in a constant stream, it is important to keep up and find the new items but not waste too much time doing that. It is easy to be sucked into reading websites for hours on end, but that is counter-productive. What you want is to quickly skim the news of the morning and read the one or two nuggets you find in there, and then get on with your day.

Some vendors do a great job of posting their security advisories in RSS, with enough information in there to determine if you need to follow up or not. Some do not, and I wish that they would improve their offerings. Anti-virus (AV) vendors are another mixed bag for RSS feeds, some (like Sophos Plc.) have well-placed RSS feeds, and some (like Symantec Corp.) do not have any RSS feeds available for their latest virus threats. AV lists are a perfect place for RSS, because the content changes so frequently and it is important to keep up.

The RSS readers that I like are Rss Bandit on Microsoft Windows XP and Vienna on Apple Mac OS X. I am not a fan of “in browser” RSS because it suffers from a usability problem at the scale I tend to read news at (hundreds of feeds). Features I really want to see in any good RSS application include search (local and remote, easily integrated) and the discovery of links across items and feeds, highlighting related items.

Right now, it still feels like RSS is just out of the early stages of adoption and we are entering a new phase of its use as more feed generators come on board and more consumers do, too. It will remain a tech-centric feature for the foreseeable future, unless someone comes up with a way to make it more accessible to the home user. Safari (the default OS X browser) already supports RSS and Internet Explorer 7 supposedly supports RSS natively (I don’t use it, and I haven’t looked all that closely), but this is only the first step.

RSS aggregator applications, however, have a long way to go in terms of usability and features, at least for the scale and complexity I find myself working in. it’s a bit of a chicken or the egg problem, with feeds only coming when users expect them, and applications only delivering features users need. However, it is a significant step forward in the information security industry, and this tech-savvy audience is a perfect marketplace to show off what benefits RSS can deliver to information hungry professionals.

This entry was posted on Monday, November 20th, 2006 at 11:43 am and is filed under Arbor Networks, Other. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.