funsec mailing list archives

Worm city: security is in the eye of the beholder


From: Gadi Evron <ge () linuxbox org>
Date: Wed, 19 Sep 2007 14:36:52 -0500 (CDT)

It isn't often I get something written down in less than 150 words.
Indeed. I thought I'd share it rather than just blog it.

----------

It's difficult living in the world of security researchers. Every other day you get depressed knowing there is always yet another vulnerability, and if someone wants to, they will get you.

It is also difficult living in the world of security management and corporate security, when they try controlling their risk and lowering their overall vulnerability.

I am somewhere in the middle. Twice cursed.

Large companies are interesting because all the assets are spread amongst different groups, systems, networks, and physical locations.

So... combine large companies with large code bases.

What you get is: Worm City (or botnet city if you like). Swiss cheese.

As Vizzini would say: "Inconceivable!" [The Princess Bride (1987) - http://www.imdb.com/title/tt0093779/]

This quick post was written quoting parts of a conversation I had with a security researcher friend, known only as "anonymous jaded security something or other".

Gadi Evron,
ge () linuxbox org.

----------

Originally from: http://blogs.securiteam.com/index.php/archives/1002
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

