Re: comparing information security to other industries

["Brian Eaton" <eaton.lists () gmail com>]

On 12/24/06, Michael Zimmermann <zim () vegaa de> wrote:
> are the computer systems at large nowadays more secure than
> - say - ten years ago?

Some systems are.  But not because the software has gotten any better.
 Organizations have gotten better at defense-in-depth.

Consider patch management systems.  A decade ago, most companies
barely had one at all.  Today, companies are evaluating, verifying,
and pushing out patches within days of their release.  More networks
are isolated behind firewalls, and lots of workstations are using
host-based firewalls.  Even the low-end consumers have gotten better
at this: lots more people are using SOHO routers with firewalls
instead of a cable modem with a wide open internet connection.

The attackers have gotten better as well.  But even when the attackers
successfully exploit a new vulnerability, organizations are better
prepared to deal with the consequences.

You might see another codered type vulnerability in IIS, but there is
no way it would do as much damage as the original worm.

Regards,
Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/