RE: death of the security community

["Craig Wright" <cwright () bdosyd com au>]

Hello,
You have stated "scriptkiddie community(the greatest fear we face)". In
ignorance maybe. Risk. Threat=medium-large (at best), impact=low,
likelihood=medium, Risk=low-medium.

More FUD. Things change, they evolve. Move with the times. The issue is
the availability of patches for most people. Having a disclosed
vulnerability does not help, it makes the "scriptkiddies" more effective
and makes mitigation more difficult.

The security of the Internet is a wide gate. There are to use your
analogy a few closed paddocks, but it is in general a wide open field. A
commons. Vulnerability pimping is a separate issue and not related to
your basic argument - the (slow) growth of professionalism in the
industry. The Internet has grown as a result of commerce and commercial
activity, not despite it.

Regards,
Craig

-----Original Message-----
From: buriedanonymous () yahoo com [mailto:buriedanonymous () yahoo com]
Sent: 20 March 2006 2:02
To: security-basics () securityfocus com
Subject: death of the security community

I seem not to understand what is happening to the security
community..The profit and earning a living of the expert in the field is
going to lead to the death of the security community.Now full disclosure
movement is getting to be commercial disclosure, whereby each security
community wants to expliot you to pay them to even get the latest
vulnerability report and expliot,even when you need it to penetrate your
server before the bad guy does.Which doesnt aid the people of the basics
but even helps the scriptkiddie community(the greatest fear we face)I
hope attention is given to these...and d fathers of d security comm'
should have a re think, cos the continuity of the pursue of profit would
bring the security of the internet wide as an open gate.

odabo

------------------------------------------------------------------------
---
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich
University program offers unparalleled Infosec management education and
the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity
Planning, Computer Emergency Response Teams, and Digital Investigations.


http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you 
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply 
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. 

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by 
a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------