Full Disclosure mailing list archives
RE: RE: 40,000 deaths per year - Was: CyberInsecurity: The cost of Mo nopoly
From: "Christopher F. Herot" <cherot () appliedmessaging com>
Date: Tue, 30 Sep 2003 17:43:06 -0400
I was only comparing the most serious cases. If you want a measure of the economic cost of car accidents, look at your car insurance bill, multiply that by the number of drivers and compare that total to your estimate of the economic damage caused by computer security flaws. If 40,000 people were dying from terrorist attacks, airplane crashes, or a war, there would be a public outcry. Presumeably the economic benefits of automobiles are felt to outweigh the costs. Probably the same thing with computer security until the costs get much worse.
-----Original Message----- From: Schmehl, Paul L [mailto:pauls () utdallas edu] Sent: Tuesday, September 30, 2003 1:30 PM To: full-disclosure () lists netsys com-----Original Message----- From: Christopher F. Herot [mailto:cherot () appliedmessaging com] Sent: Tuesday, September 30, 2003 11:14 AM To: Michael Smith; full-disclosure () lists netsys com Subject: RE: [inbox] Re: [Full-disclosure] CyberInsecurity: The cost of Mo nopoly Actually, the average person doesn't now squat about how to DRIVE a car either. The result is that 40,000+ people die every year in this country from car "accidents." I'd say the computer industry is doing pretty well by that standard.Now this is a really dumb argument. How many licensed drivers are there in the US? 60 million? Your
40,000
deaths represents .0000667 percent of the total population of drivers. And not all 40,000 were driving, so the real percentage is some factor smaller than that. So, the 40,000 very obviously does not represent
the
"average" driver. Furthermore, you really have to calcuate the number of person/miles driven to see what the real accident rate is, and when you do that it's incredibly miniscule. The death by vehicle rate in America proves that we are doing a very *good* job of training people to drive, despite all the anecdotal evidence you can conjur up for stupid drivers. Given that, your analogy is specious at best, but even given that, it proves that the computer industry is *much* worse off. What's the
rate
of infection for Blaster worldwide, for example? I haven't seen anything definitive, but I'd bet it's in the hundreds of thousands.
And
we have *perhaps* 100 million computers worldwide? So the percentage
of
infections would be in the less than 1% range? Still much much higher than the numbers above. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: 40,000 deaths per year - Was: CyberInsecurity: The cost of Mo nopoly Schmehl, Paul L (Sep 30)
- <Possible follow-ups>
- RE: RE: 40,000 deaths per year - Was: CyberInsecurity: The cost of Mo nopoly Christopher F. Herot (Sep 30)