RE: Re: Flawed Surveys [was: VPN endpoints]

[Christopher Hicks <chicks () chicks net>]

On Wed, 1 Sep 2004 MHawkins () TULLIB COM wrote:
> In my opinion, there will come a day when a security event will be, for 
> purposes of insurance, considered to be a reportable incident.

I agree totally.  One of my hats is righting claims management software 
for folks who manage medical malpractice claims.  These folks track trends 
over decades and actively work to learn from those trends to avoid future 
claims.  In their world avoiding claims means killing fewer people, 
dropping fewer people off stretchers, making sure nurses can find the 
right stuff to inject into you and so on.  Applying the same mentality to 
computer security would be a truly beautiful thing.  If this sort of thing 
had been going on before now I strongly suspect we'd see a lot more 
firewalls properly configured and regularly monitored and a lot fewer 
Windows boxes waiting to get owned.  And it may not be an ideally 
scientific survey, but it would still be rather helpful.  :)

--
</chris>

There are two ways of constructing a software design. One way is to make 
it so simple that there are obviously no deficiencies. And the other way 
is to make it so complicated that there are no obvious deficiencies.
 -- C.A.R. Hoare

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards