Full Disclosure mailing list archives

Re: Response to comments on Security and Obscurity

From: Über GuidoZ <uberguidoz () gmail com>
Date: Fri, 3 Sep 2004 02:33:58 -0400

Personally, I feel it's a VERY valid point. If the only way to fix
something, for example, is by training and education, it's entirely
possible the time (and resources) necessary to do such a thing isn't
there.

secfocuslist () yahoo com said:

If you do not have time, and the audience does not care
enough to spend the time, then the battle is already lost.


I believe this is entirely two different things (you do not have the
time and the audience doesn't care), and usually they don't exist at
once in a given situation. (It's one or the other.) However, I will
agree that the battle will be lost if no one cares or tries to do
anything in a given situation.

James Tucker said:

I apologise, but I have spent most of my life at this and I don't know
everything, I doubt my audience would donate that much time, even
if I gave it.


Agreed. I've been down the same path and have met with resistence when
I tried to provide the time and resources necessary to solve a given
problem. More often then not I find it's the "audience" that is
unwilling. They don't want to take the time to learn something new,
train their staff something new, or provide the money to do all, or
any of, the above. Pity.

-- 
Peace. ~G


On Thu, 2 Sep 2004 22:42:27 +0100, James Tucker <jftucker () gmail com> wrote:

On Thu, 2 Sep 2004 12:53:20 -0700 (PDT), Security List
<secfocuslist () yahoo com> wrote:

Mr. Tucker wrote:

Maybe, but you have to educate people somehow, and

you don't have time

to explain everything.


This is an excuse and the weak point.  If you do not
have time, and the audience does not care enough to
spend the time, then the battle is already lost.


I apologise, but I have spent most of my life at this and I don't know
everything, I doubt my audience would donate that much time, even if I
gave it. But thank you for your encouragement.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Re: Security & Obscurity: physical-world analogies, (continued)
- - - Re: Re: Security & Obscurity: physical-world analogies James Tucker (Sep 02)
    - Re: Re: Security & Obscurity: physical-world analogies Frank Knobbe (Sep 02)
    - Re: Re: Re: Security & Obscurity: physical-world analogies James Tucker (Sep 02)
    - Re: Security & Obscurity: physical-world analogies gadgeteer (Sep 03)
    - Re: Re: Security & Obscurity: physical-world analogies Tig (Sep 03)
    - Message not available
    - Re: Re: Security & Obscurity: physical-world analogies gadgeteer (Sep 03)
    - Re: Re: Security & Obscurity: physical-world analogies ASB (Sep 05)
- RE: Response to comments on Security and Obscurity Clairmont, Jan M (Sep 02)
- Re: Response to comments on Security and Obscurity Security List (Sep 02)
  - Re: Response to comments on Security and Obscurity James Tucker (Sep 02)
    - Re: Response to comments on Security and Obscurity Über GuidoZ (Sep 03)