“Quantum” Doesn’t Solve Anything for Cybersecurity

What security problem is “quantum” trying to solve? Would quantum solve SolarWinds? Heartbleed? Log4Shell? The 2016 DNC compromise? Any number of the social engineering-based attacks we see month after month? No, no, no, no, and no.

“Quantum” is specifically solving the problem of cryptographic primitives: that some of the fancy math problems we use to keep other humans from guessing how to unscramble our data eventually might be solvable by superscale quantum computers.

The argument you’ll often hear from quantum zealots is: “imagine if the primitives that were beneath your feet just vanished.” I don’t have to imagine, bro, that happens in software security every fucking day.

Via Kelly Shortridge.

Quantum falls in that void of things CISOs wave vaguely at when they ask consultants, “What should I do?” Other things that qualify are blockchain, AI, and any number of buzzword bits the CEO or Board members read about in the Wall Street Journal that morning and asked the CISO for the organization’s readiness/position/point of view. Effort is expended, focus changed, and attention redirected to formulate a response.

Meanwhile, and I am hitting my favorite drum again, things that could improve the organization’s current security posture, threat management, and organizational risk are being given short shrift or put off.