Firewall Wizards mailing list archives

Re: The Morris worm to Nimda, how little we've learned or gained


From: Frederick M Avolio <fred () avolio com>
Date: Fri, 04 Jan 2002 07:16:13 -0500

At 03:44 PM 1/3/02 -0500, Marcus J. Ranum wrote:
>R. DuFresne wrote:
>>And we have not even broached the topic here of vendor
>>responsibility...
>
>There's enough blame that everyone involved can shoulder a ton of guilt.
>
>I've been watching the blame in computer security flow in circles for
>years. The flow looks like this:
>- The hackers blame the sysadmins who leave their machines open
>- The sysadmins blame the vendors who write buggy insecure code
>- The vendors blame the customers who place a premium on features over quality


Yes, although the above is not circular.

Vendors give exactly what customers want. I mean *really* want. If security was most important to customers, Check Point wouldn't be the #1 firewall, for example. (Or Cisco.) Microsoft would not be able to get away with shipping security problems-in-waiting. But when money is on the table, features -- and features, NOW not later -- always win.

That's what keeps our job interesting.

Great editorial, Ron. (In many of the security classes I teach, no one in the room knows what I mean by "the Morris Worm.")


Fred
Avolio Consulting, Inc.
16228 Frederick Road, PO Box 609, Lisbon, MD 21765, US
+1 410-309-6910 (voice) +1 410-309-6911 (fax)
http://www.avolio.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

