RE: RE: 40,000 deaths per year - Was: CyberInsecurity: The cost of Mo nopoly

["Christopher F. Herot" <cherot () appliedmessaging com>]

I was only comparing the most serious cases.  If you want a measure of
the economic cost of car accidents, look at your car insurance bill,
multiply that by the number of drivers and compare that total to your
estimate of the economic damage caused by computer security flaws.

If 40,000 people were dying from terrorist attacks, airplane crashes, or
a war, there would be a public outcry.  Presumeably the economic
benefits of automobiles are felt to outweigh the costs.  Probably the
same thing with computer security until the costs get much worse.
 
 

> -----Original Message-----
> From: Schmehl, Paul L [mailto:pauls () utdallas edu]
> Sent: Tuesday, September 30, 2003 1:30 PM
> To: full-disclosure () lists netsys com
>
> > -----Original Message-----
> > From: Christopher F. Herot [mailto:cherot () appliedmessaging com]
> > Sent: Tuesday, September 30, 2003 11:14 AM
> > To: Michael Smith; full-disclosure () lists netsys com
> > Subject: RE: [inbox] Re: [Full-disclosure] CyberInsecurity:
> > The cost of Mo nopoly
> >
> > Actually, the average person doesn't now squat about how to
> > DRIVE a car either.  The result is that 40,000+ people die
> > every year in this country from car "accidents."  I'd say the
> > computer industry is doing pretty well by that standard.
> Now this is a really dumb argument.
>
> How many licensed drivers are there in the US?  60 million?  Your
40,000
> deaths represents .0000667 percent of the total population of drivers.
> And not all 40,000 were driving, so the real percentage is some factor
> smaller than that.  So, the 40,000 very obviously does not represent
the
> "average" driver.  Furthermore, you really have to calcuate the number
> of person/miles driven to see what the real accident rate is, and when
> you do that it's incredibly miniscule.
>
> The death by vehicle rate in America proves that we are doing a very
> *good* job of training people to drive, despite all the anecdotal
> evidence you can conjur up for stupid drivers.
>
> Given that, your analogy is specious at best, but even given that, it
> proves that the computer industry is *much* worse off.  What's the
rate
> of infection for Blaster worldwide, for example?  I haven't seen
> anything definitive, but I'd bet it's in the hundreds of thousands.
And
> we have *perhaps* 100 million computers worldwide?  So the percentage
of
> infections would be in the less than 1% range?  Still much much higher
> than the numbers above.
>
> Paul Schmehl (pauls () utdallas edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/~pauls/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html