If you want to start a debate/argument/flamewar in security, pick any of the following.
- "Full disclosure" vs "responsible disclosure" vs whatever else
- Threat intelligence sharing
- Value of security certifications
- Exploit sales
- Advanced-ness, Persistence-ness, Threat-ness, Chinese-ness of APT
- Reality of "cyberwar"
- "Builders vs Breakers"
- "Security is an engineering problem," i.e., "building a new Internet is the answer."
- "Return on security investment"
- Security by mandate or legislation or regulation
Did I miss any subjects people raise to "stir the cyber pot?"