top | item 45696667

(no title)

lbourdages | 4 months ago

I was at a security conference recently and one of the presentations had some TLP:RED slides in it.

I couldn't help but find that pointless. The conference is open to the public, the only barrier to entry being a small amount of money to purchase a ticket. How would that prevent bad actors from signing up to access the sensitive information?

It absolutely makes sense when used within an organization where access/membership is properly vetted, but there, I feel like there was no point.

discuss

integralid|4 months ago

You're completely right: if that's not an invite only or vetted conference (that exist), this is just a marketing gimmick to grab people attention. People who do that either don't understand what you feel intuitively, or do this attention grabbing thing intentionally. Just like "no media" presentations that just post their slides online later.

9x39|4 months ago

You're right that it doesn't make sense. It suggests a failure in data handling (who can I share this with?).

A lot of these are borrowed from the US .gov in which prosecution is a relatively effective way to get compliance with these policies, but, and I'll take some license here, are copied to appear sophisticated by unsophisticated players outside of that.