Educause Security Discussion mailing list archives

Re: Spaf did not receive your email (was Re: [SECURITY ] Job Descriptions)

From: Gene Spafford <spaf () CERIAS PURDUE EDU>
Date: Fri, 28 Feb 2003 10:11:17 -0500

At 5:51 -0500 2/27/03, Howell, Paul wrote:


In short, the different sides of this issue seems like an example of
old-school vs. new-school risk calculations.


Hmm, the "old school" brought us Multics, capability architectures,
security kernels,  trusted design principles, and reference monitors.

The "new school" brought us 1000+ patches per year, the slammer worm,
hundreds of new virus submissions a month, ActiveX, WEP, and DDOS
attacks.


Looks like the "new school " of risk calculations works with much
bigger numbers!

(I couldn't resist.  :-)

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.

Current thread:

Re: Spaf did not receive your email (was Re: [SECURITY ] Job Descriptions) Gene Spafford (Feb 28)
- <Possible follow-ups>
- Re: Spaf did not receive your email (was Re: [SECURITY ] Job Descriptions) Gerald N Flynn (Feb 28)
- Re: Spaf did not receive your email (was Re: [SECURITY ] Job Descriptions) Gerald N Flynn (Feb 28)