Firewall Wizards mailing list archives
Re: concerning ~el8 / project mayhem
From: Dave Piscitello <dave () corecom com>
Date: Mon, 19 Aug 2002 12:42:24 -0400
Several points, but brief:>the notion that a security person's security is an indication of how well they can
>secure others. ... How many of us worry overly much about this? I do, or did until maybe just now.Anyone's security is a set of interdependencies: the software they run without the benefit of having examined every line of source, the configurations they set that create whatever compromise an individual determines suits his or her needs for connectedness, convenience and security, the trust in 3rd parties providing service, etc. If we all spent as much time reviewing code we run as those intent on breaking code, we'd be running secure systems, save for the fact that we'd be broke and jobless.
>by holding such a high expectation, we're making our >practitioners vulnerable to this kind of blackmail from the hackers.The irony here is that practitioners can only try to make the best of a bad situation - exploited code isn't the practitioner's product, but he's held accountable for not anticipating it?
(* not trusting the expertise of an expert you just paid a ton of money for is stupid by any definition I can think of...)
I've sorted through my many definitions of stupid here. There's an Andersen Consulting joke somewhere that probably fits. But no one's laughing over this any longer, nor is Andersen the only butt of the joke.
David M. Piscitello Core Competence, Inc. & 3 Myrtle Bank Lane Hilton Head, SC 29926 dave () corecom com 843.689.5595 www.corecom.com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: concerning ~el8 / project mayhem, (continued)
- Re: concerning ~el8 / project mayhem Paul D. Robertson (Aug 19)
- Re: concerning ~el8 / project mayhem Barney Wolff (Aug 19)
- Re: concerning ~el8 / project mayhem Darren Reed (Aug 18)
- Message not available
- Re: concerning ~el8 / project mayhem Dave Piscitello (Aug 19)
- Re: concerning ~el8 / project mayhem Paul Robertson (Aug 19)
- Re: concerning ~el8 / project mayhem Tina Bird (Aug 19)
- Re: concerning ~el8 / project mayhem Adam Shostack (Aug 19)
- Re: concerning ~el8 / project mayhem Nate Campi (Aug 19)
- Re: concerning ~el8 / project mayhem Barney Wolff (Aug 19)
- Re: concerning ~el8 / project mayhem Crispin Cowan (Aug 23)