Full Disclosure mailing list archives
Re: [WEB SECURITY] Re: comparing information security to other industries
From: "Dinis Cruz" <dinis () ddplus net>
Date: Fri, 22 Dec 2006 11:21:43 +0000
The problem here is an economic one, unfortunately it seems that we will have to wait for the cost of exploitation of digital (from web sites down) assets is bigger than the money made by those 'insecure' applications. So far, in general, the business model of the attackers has not evolved beyond basic/simple exploits (the ones that have evolved are not significant and probably make enough money without leving much trace). Dinis Cruz Chief OWASP Evangelist http://www.owasp.org On 12/20/06, Nancy Kramer <nekramer () mindtheater net> wrote:
At 03:16 PM 12/19/2006, KT wrote: >What I am trying to figure out is how mature we are and how long will it >take for to get stable? Not very mature and it will take a long time to get stable because programmers are just beginning to be aware of application security requirements and then they need to figure out how to implement them. Remember most programmers came from a client server or mainframe world and they "don't get it". The consumer also doesn't "get it". They work great together. I went to a PHP Conference recently and the creator of PHP said that there is not such thing as a completely secure web application. When failure is a goal you will definitely get there. I know all this because I am a programmer by background. Most people designing web applications know so little about security it is scary. Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.15.23/591 - Release Date: 12/17/2006 ---------------------------------------------------------------------------- The Web Security Mailing List: http://www.webappsec.org/lists/websecurity/ The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/ http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
--
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- comparing information security to other industries KT (Dec 19)
- Re: comparing information security to other industries Valdis . Kletnieks (Dec 19)
- Re: comparing information security to other industries coderman (Dec 19)
- Re: [WEB SECURITY] Re: comparing information security to other industries Andre Gironda (Dec 25)
- Re: [WEB SECURITY] Re: comparing information security to other industries coderman (Dec 26)
- Re: [WEB SECURITY] Re: comparing information security to other industries Krainium (Dec 26)
- Re: [WEB SECURITY] Re: comparing information security to other industries Michael Zimmermann (Dec 27)
- Re: [WEB SECURITY] Re: comparing information security to other industries coderman (Dec 27)
- Re: comparing information security to other industries coderman (Dec 19)
- Re: comparing information security to other industries Valdis . Kletnieks (Dec 19)
- Re: [WEB SECURITY] Re: comparing information security to other industries Dinis Cruz (Dec 22)
- Re: [WEB SECURITY] comparing information security to other industries Nick FitzGerald (Dec 21)
- Re: comparing information security to other industries Brian Eaton (Dec 24)
- Re: comparing information security to other industries Michael Zimmermann (Dec 24)