Security Basics mailing list archives

RE: application for an employment


From: Kurt Reimer <greimer () fccc edu>
Date: Thu, 6 Apr 2006 16:45:20 -0400 (EDT)


Further, I believe that it's easy to demonstrate that beyond
being strongly biased towards the short-term interests of
large organizations that hire electronic security
professionals, our present laws and cultural attitudes
actually harm the individual user of the internet and society
in general, because they basically promote the continuance of
an atmosphere in which security weaknesses are allowed to
continue to exist.

 I tend to a different view, that any problems that cannot be
fixed essentially for free will only be fixed if they have
consequences for those who own and are responsible for them.

        Up to this point it sounds like you're agreeing with me.
Were I free to port-scan at will, and free to widely report on the weaknesses that I uncover, then there would be bad consequences for those organizations with insecure online presences, and good consequences for the rest of society. Honest individuals would take their business and their portfolios elsewhere. Organizations who put their customers' money, identity, and privacy at risk would be strongly incentivized to stop being lazy and to fix themselves. And all of this would be accomplished without any increase in the size of government.

A legal framework that recognizes ownership seems, to me, a
necessary prerequisite for enforcing responsibility.
David Gillett

Well, I don't know about that in the abstract. It seems to me that a legal framework in which there is no concept of private property could still be responsible and enforce responsibility. But I'm not advocating any such thing.

But you've got to realize that this whole thread is about an instance where recognition (indeed, I'd go so far as to call it slavish worship) of property rights is not enforcing responsibility, but rather just the opposite: it's being used as an excuse to dodge responsibility. Rather than take responsibility for weaknesses in their online presence and fix them, offending organizations instead vilify and prosecute anyone who points out those weaknesses.

Yours,

Kurt Reimer
