Re: concerning ~el8 / project mayhem

[Barney Wolff <barney () tp databus com>]

Are you actually capable of evaluating a cardiologist's professional
skills?  I'm not - I'd have to go by reputation and my own general
impression, which is certainly colored by whether doctors follow their
own advice.  If we're going to quote adages, I'll take "Charity begins
at home."

But seriously, I think a security expert owes it to the clients to
follow the same guidelines s/he's touting.  Otherwise you lose touch
with the impact on the user of what you're prescribing.

On Mon, Aug 19, 2002 at 09:16:47AM -0400, Paul D. Robertson wrote:
> On Sun, 18 Aug 2002, Barney Wolff wrote:
>
> > A "recognized security expert" is going to be a target.  Price of fame,
> > and all that.  Would you trust an overweight cardiologist?
>
> Personally, I wouldn't evaluate a cardiologist based on their weight, but 
> on how well they knew cardiology.    
>
> There's an old saying- "The cobbler's children have no shoes" which isn't 
> explained off by saying that the cobbler makes shoddy shoes- but that he's 
> too busy making shoes for others to have produced them for his own 
> children.
>
> Having the data is different than knowning how to evaluate it.  Without 
> knowning a cardiologist's skills in cardiology picking metrics and basing 
> an evaulation on them is like choosing a firewall based on the 
> colo[u]r of its box.  

-- 
Barney Wolff
I'm available by contract or FT:  http://www.databus.com/bwresume.pdf
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards