When we think of fighting back, it is all too easy to think of directed force and open combat, but not all self-defense works this way, and many argue that such approaches are sub-optimal. Indeed, the word Judo actually means the “gentle way” and is based upon the concept of allowing a more powerful opponent to become off balance, thereby losing his or her advantage. This “gentler way” is the approach of the Clean Software Alliance, a new initiative aimed at cleaning up the digital ecosystem.
In this talk, we will describe the aims of the Clean Software Alliance at a high level, but only briefly and as an introduction to the topic. Rather than outlining policy and procedures, we will describe our attempts to influence the overall software ecosystem so that market forces themselves drive better behavior. In essence, the downloader/bundler problem exists for one reason: monetization. We will demonstrate how we intend to change the reward/punishment system so that the drivers of the market themselves become the force that re-aligns behaviors to the benefit of all. No entity or vendor will be forced to act in any particular way; instead, the simple desire to maximize profitability and sustainability should allow legitimate business to flourish, and be a strong disincentive to those who wish to break the rules of good behavior.
This kind of “soft” approach is completely different to the typical anti-malware/attacker war of attrition we have been engaged in for so long, and, as digital attacks become more commercial in nature, provides a playbook for us when considering how to influence an entire ecosystem – a system so large that we cannot change it by fiat – using simple and apparently minor changes. By knowing just where to press, we can, with a little bit of luck, change the world. That’s digital Judo, and that’s exactly what the CSA is attempting to do.