Why it's all snake oil – and that may be ok

Every few years, security vendors entice us with “next generation” security products with 0day detection and we must decide if this product will be our salvation or if it’s more snake oil full of empty promises. Basic theorems of computer science mathematically guarantee that many of the claims made by sales are false without certain allowances, but that doesn’t mean that the products are useless. Understand how to ask the right questions to determine if a security vendors assumptions are valid for your organization. Take a walk through the history of exploitation and computer science theorems to learn how to have an honest conversation about security products and their capabilities.