nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Q: What do ISPs really think about security issues?

From: "Andre Gironda" <andre () operations net>
Date: Fri, 11 Jan 2008 08:42:07 -0700

On Jan 10, 2008 9:32 PM, Sean Donelan <sean () donelan com> wrote:

Q: What do anti-virus companies really think about security issues?


http://www.nruns.com/ps/The_Death_of_AV_Defense_in_Depth-Revisiting_Anti-Virus_Software.pdf
Of particular interest are the slides on "Vendor responses"...


Q: What do banks really think about security issues?
Q: What do law enforcement agencies really think about security issues?


In order to best answer these types of questions, I suggest you first
read Geekonomics, the dotCrime Manifesto, and Secure Programming with
Static Analysis for some background.

I see a lot of you talking about information sharing, which is great.
How much overlap is there between nspsec and the Financial ISAC?  Is
FIRST the place to go to sort out these issues?

This sort of conversation came up in passing on the botnets
mailing-list only a few months ago -
http://www.mail-archive.com/botnets () whitestar linuxbox org/msg00924.html

I don't see any particular failure of the ISP community.  We all hit
our vendors pretty hard when it comes to security issues, and we
protect and respond to customer issues better than any software vendor
that I'm aware of.

If you want to get involved in security with your local bank, attend a
local OWASP meeting.  If you want to get involved with law
enforcement, attend a local Infragard meeting.

dre
Previous By Date Next
Previous By Thread Next

Current thread: