Full Disclosure mailing list archives
Re: comparing information security to other industries
From: "Brian Eaton" <eaton.lists () gmail com>
Date: Sun, 24 Dec 2006 09:43:01 -0500
On 12/24/06, Michael Zimmermann <zim () vegaa de> wrote:
> are the computer systems at large nowadays more secure than - say - ten years ago?
Some systems are. But not because the software has gotten any better. Organizations have gotten better at defense-in-depth.

Consider patch management systems. A decade ago, most companies barely had one at all. Today, companies are evaluating, verifying, and pushing out patches within days of their release. More networks are isolated behind firewalls, and lots of workstations are using host-based firewalls. Even the low-end consumers have gotten better at this: lots more people are using SOHO routers with firewalls instead of a cable modem with a wide open internet connection.

The attackers have gotten better as well. But even when the attackers successfully exploit a new vulnerability, organizations are better prepared to deal with the consequences. You might see another codered type vulnerability in IIS, but there is no way it would do as much damage as the original worm.

Regards,
Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/