Torvalds: Fed up with the 'security circus'

["Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>]

Well, methinks Linus is going to be "security villain of the week" for a few days 
again.

http://www.networkworld.com/news/2008/081408-torvalds-security-circus.html?hpg1=bn

Problem is, he's actually got a good point.  Unfortunately, his use of "security 
circus" is going to be read as the whole security community, when he is actually 
referring to the lunatic fringes at both ends of the "disclosure" spectrum.  There 
are those who still cling to the outdated and disproved dogma of "security by 
obscurity," and there are the self-promoters (with egos the size of the MS 
Windows Vista source code) who are eager to trumpet any little flaw they find as a 
"security" vulnerability.  Those of us in the trenches have been trying to keep 
vendors and consultants from using these arguments on the uninformed for years.  
Linus is saying the same thing.  He's as frustrated as we are, and for the same 
reasons.  He just uses more sensational phrases.

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
    Because the lives of the wicked should be made brief.
    For the rest of us, death will be a relief--
    We all deserve to die!      `Sweeney Todd,' Stephen Sondheim
victoria.tc.ca/techrev/rms.htm blogs.securiteam.com/index.php/archives/author/p1/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.