Firewall Wizards mailing list archives
Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe)
From: "Marcus J. Ranum" <mjr () nfr com>
Date: Tue, 07 Aug 2001 09:59:12 -0400
Darren Reed wrote:
How much does it cost the world to patch these problems up vs the developer to put in place proper testing to find and eliminate these problems before it goes out the door? How can we allow such a critical piece of modern life to be such a pile of rubbish?
Safety technology is _consistently_ one of the last things we apply to any new technology. And we usually apply it only after the lack has been clearly documented, and it's obvious that a high level of damage results from not applying it reasonably consistently.

Take my favorite example: cars. In the 1920's you could purchase a "commercial off the shelf car" that could do 60+MPH with relative ease. Never mind the fact that the roadway infrastructures weren't safe for those speeds (until the 1950's) they didn't come with seat belts. Seatbelts were not mandatory until the 1960's. Shoulder straps didn't come in until the 1970's, and airbags in the 1980s/90s. In the late 1970's Lee Iacocca, the CEO of General Motors, said that they would never put airbags in their cars because customers wouldn't pay for them.

So, for the first 20-30 _years_ of the history of personal automobiles, it must have been _accepted_ and even taken for granted that when you ditched your car at speeds approaching 50MPH you _were_ going to eat that big bakelite steering wheel and you _were_ going to need reconstructive surgery. Bummer that reconstructive surgery hadn't been invented, yet... For some reason this was considered "acceptable."

Today we consider it acceptable that administrators have to manually install patches on a regular basis. Today we consider it acceptable that our operating environments are trivially hackable out of the box. Today we consider it acceptable that Windows crashes once or twice a day if you're trying to do anything tricky like read Email while you're writing a CD or accessing a digital camera.

We're still in the infancy of computers. Darren, you're just ahead of the time. :)

mjr.
---
Marcus J. Ranum
Chief Technology Officer, NFR Security, Inc.
Work: http://www.nfr.com
Personal: http://www.ranum.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards