Full Disclosure mailing list archives
RE: Vulnerability Disclosure Debate
From: "Jason Coombs" <jasonc () science org>
Date: Fri, 8 Aug 2003 15:43:44 -1000
Hmm. A lock is a permissive measure, to permit you to more easily enter a room, for instance, without having to destroy a portion of one of its four walls. The lock is installed in a door. The door is a vulnerability. The lock attempts to compensate for the door vulnerability. Without the lock the door can be opened by anyone. With the lock the door can also be opened by anyone who has a foot attached to a leg and the ability to apply it in a forward kicking motion. The only difference is that the broken door leaves evidence of the intrusion. The lock forces the application of destructive force or use of a circumvention technique. The lock does NOT change the security level of the room, because it still has a door vulnerability. I'm pretty sure this is not wrong thinking, and thus my previous comments, which I stand by after having re-read them. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Mike Fratto Sent: Friday, August 08, 2003 10:22 AM To: jasonc () science org; 'Matthew Murphy'; 'Full Disclosure' Subject: RE: [Full-disclosure] Vulnerability Disclosure Debate
with a lock, the primary purpose of it is security -- it has no other purpose.Everyone gets this wrong.
Including you. :) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Vulnerability Disclosure Debate, (continued)
- Re: Vulnerability Disclosure Debate Florian Weimer (Aug 07)
- Re: Vulnerability Disclosure Debate Georgi Guninski (Aug 07)
- Re: Vulnerability Disclosure Debate Geoincidents (Aug 07)
- Re: Vulnerability Disclosure Debate Cesar (Aug 07)
- Re: Vulnerability Disclosure Debate gregh (Aug 07)
- Re: Vulnerability Disclosure Debate Matthew Murphy (Aug 07)
- Re: Vulnerability Disclosure Debate Darren Bennett (Aug 07)
- Re: Vulnerability Disclosure Debate Matthew Murphy (Aug 07)
- RE: Vulnerability Disclosure Debate Jason Coombs (Aug 08)
- RE: Vulnerability Disclosure Debate Mike Fratto (Aug 08)
- RE: Vulnerability Disclosure Debate Jason Coombs (Aug 08)
- Re: Vulnerability Disclosure Debate Darren Bennett (Aug 07)
- Re: Vulnerability Disclosure Debate Florian Weimer (Aug 07)
- Re: Vulnerability Disclosure Debate Valdis . Kletnieks (Aug 07)
- Re: Vulnerability Disclosure Debate Aron Nimzovitch (Aug 08)
- Re: Vulnerability Disclosure Debate Valdis . Kletnieks (Aug 08)
- Re: Vulnerability Disclosure Debate Aron Nimzovitch (Aug 08)
- Message not available
- Re: Vulnerability Disclosure Debate Aron Nimzovitch (Aug 08)