Full Disclosure mailing list archives
Re: Soft-Chewy insides
From: George Capehart <capegeo () opengroup org>
Date: Fri, 03 Oct 2003 09:22:38 -0400
Schmehl, Paul L wrote: <snip>
I'm not going to disagree with this at all, however I would point out that standards are one thing, implementation entirely another. It's nice to have standards that provide guidance in security structuring, but without the tools to implement those guidelines, they're guidelines and not much more. Only in the past couple of years have we seen any really useful tools in this area, and the prices are out of reach of many organizations. (Like other things in technology, it would be nice if those prices would come down over time.)
<snip examples>
That's what I'm referring to when I say "we, as a security community" have only begun to try addressing these issues. Right now, organizations pretty much have to "roll their own" - not a very efficient way of solving a universal problem.
Hrmmmm. Seems I misunderstood the issues. I wasn't thinking alongthose lines. Sorry 'bout that. :0 But then, I'm afraid there is always going to be the mix-and-match problem. Different products and processes were designed at different times for different purposes to deal with different threat/risk profiles. Plus, everyone's environment is different. There *are* tools that help make the job a little easier, but the best tools for the job are the carbon-based ones . . .
My $0.02. Cheers, George Capehart _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Soft-Chewy insides George Capehart (Oct 03)