Firewall Wizards mailing list archives
Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem )
From: Paul Robertson <proberts () patriot net>
Date: Mon, 26 Aug 2002 11:18:47 -0400 (EDT)
On Mon, 26 Aug 2002, B. Scott Harroff wrote:
Your opinion is its better to do nothing and let 100% get though then though a combination of technology / process / policy that stops 95%?
No, it's my opinion[1] that it's _safer_ from a legal standpoint to do so. I'm pretty sure that I saw yet another case in the last couple weeks on some list somewhere (Cyberia perhaps) that hinged on this, though it may have been in a presentation at a forensics conference I attended week before last. If I had a Lexus account, I'd 98% sure I'd be able to produce actual case citations.
I think one would be better of showing "intent to protect and missing one instance or two" than "doing nothing about a known problem".
Logic would work that way, unfortunately, the law doesn't seem to. Paul [1] I'm not a lawyer and I don't play one on the 'Net, but I've had extensive discussions about this with real lawyers in real business environments. ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Crispin Harris (Aug 21)
- RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) R. DuFresne (Aug 22)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) B. Scott Harroff (Aug 22)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Adam Shostack (Aug 23)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) B. Scott Harroff (Aug 23)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Dave Piscitello (Aug 25)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) B. Scott Harroff (Aug 26)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Paul D. Robertson (Aug 26)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) B. Scott Harroff (Aug 26)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Paul Robertson (Aug 26)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) R. DuFresne (Aug 26)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) B. Scott Harroff (Aug 22)
- Message not available
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Dave Piscitello (Aug 26)
- RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) R. DuFresne (Aug 22)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Paul D. Robertson (Aug 26)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) R. DuFresne (Aug 25)
- <Possible follow-ups>
- RE: Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Kalat, Andrew (ISS Atlanta) (Aug 22)
- Re: Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) B. Scott Harroff (Aug 22)
- RE: Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Kalat, Andrew (ISS Atlanta) (Aug 22)