We've been seeing a bit of media attention of late to diversity as a technique to make networks more secure:
http://news.com.com/2009-7349_3-5140971.html?tag=nefd_lede The usual suspect is Microsoft with 97% of OS's, but Cisco's 86% of the router market has been cited as well as SNMP vulnerabilities of two years ago. The diversity, monoculture and agricutlure analogy makes nice press, but how realistic is diversity as a defense. Is cost the biggest hurdle or limited avaiability of competitive products, or simply no bang for the buck by diversifying. We've run some simulations testing the effects of different levels of diversity, but wanted some feedback on feasibility. http://arxiv.org/abs/cond-mat/0401017 Any comments, feedback or discussion would be greatly appreciated. best, sean
