Full Disclosure mailing list archives
Re: [WEB SECURITY] comparing information security to other industries
From: "Will Jefferies" <wjefferies () fncinc com>
Date: Tue, 19 Dec 2006 15:02:03 -0600
That's a tough question to address. I don't think the security industry will achieve perfection no more than the other industries you listed. Like the other disciplines, research continues, but so do the evolution of threats. Construction and engineering is plagued with their own set of challenges that must be overcome. Buildings can be engineered and constructed with a high degree of confidence, but a good, strong storm or earthquake can still bring them down. Security is the same in that sense. We can evolve our knowledge and implementations, but a good, strong storm (or careless error) can bring it all down :-) My 0.02 Will ________________________________ From: KT [mailto:ktriv3di () msn com] Sent: Tuesday, December 19, 2006 2:16 PM To: full-disclosure () lists grok org uk; websecurity () webappsec org Subject: [WEB SECURITY] comparing information security to other industries So we have been dealing with information security from last 20 years and still the world is at large lost. We still see banks vulnerable to trivial XSS attacks and software broken by buffer overflows. How do we compare to other industries like construction, engineering, finance? What I am trying to figure out is how mature we are and how long will it take for to get stable? Confidentiality Notice: This message is for the sole use of the intended recipient(s). It may contain confidential or proprietary information and may be subject to the attorney-client privilege or other confidentiality protections. If this message was misdirected, neither FNC Holding Company, Inc. nor any of its subsidiaries waive any confidentiality, privilege, or trade secrets. If you are not a designated recipient, you may not review, print, copy, retransmit, disseminate, or otherwise use this message. If you have received this message in error, please notify the sender by reply e-mail and delete this message.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- comparing information security to other industries KT (Dec 19)
- Re: comparing information security to other industries Valdis . Kletnieks (Dec 19)
- Re: comparing information security to other industries coderman (Dec 19)
- Re: [WEB SECURITY] Re: comparing information security to other industries Andre Gironda (Dec 25)
- Re: [WEB SECURITY] Re: comparing information security to other industries coderman (Dec 26)
- Re: [WEB SECURITY] Re: comparing information security to other industries Krainium (Dec 26)
- Re: [WEB SECURITY] Re: comparing information security to other industries Michael Zimmermann (Dec 27)
- Re: [WEB SECURITY] Re: comparing information security to other industries coderman (Dec 27)
- Re: comparing information security to other industries coderman (Dec 19)
- Re: comparing information security to other industries Valdis . Kletnieks (Dec 19)
- Re: [WEB SECURITY] Re: comparing information security to other industries Dinis Cruz (Dec 22)
- Re: [WEB SECURITY] comparing information security to other industries Nick FitzGerald (Dec 21)
- Re: comparing information security to other industries Brian Eaton (Dec 24)
- Re: comparing information security to other industries Michael Zimmermann (Dec 24)