This post from Scott at SecurityViews got me thinking. Here is a snippet:

People desperately need help in sorting out what security information is relevant to them. Which vendors and technologies to trust, which browsers to use, which updates are important, which sites to give personal information to… it’s not getting any easier.

Weighty, but true. How do you get and/or give the best information out there when you have some knowledge to give?

As Scott points out without quite saying as much, it is about interaction.

It is not about blogs, wikis, written policies, Google searching on a topic, papers, research, etc. It is about grabbing an expert, asking the question, and getting a response back. And in a broader community, getting 5 answers back which can be of differing degrees of correctness which collectively improves everyone.

And that expert needs to be willing to answer the same question 20 times (which web browser should I choose) along with the whole argument to explain the decision. Ask the question, get an answer..

I wonder how many individuals or businesses are out there that would readily ask questions to an expert if they had a few moments to do so? And I’m not talking about, “What would you ask Schneier at dinner,” but common questions that nag like, “Should I worry about IE in my enterprise?” “How bad is vulnerability X?” “Is cloud computing a big deal to me right now?”

What sorts of interaction is there?
– In person; i.e. allow people to ask you questions, even stupid ones.
– forums
– mailing lists
– IRC
– social community sites (ExpertsExchange, ITToolbox types of places)

Blogs are a one-shot deal and then they move on. Wikis are only as good as they are kept updated, kept in scope, searchable, and chunkable…