nanog mailing list archives
Re: product liability (was 'we should all be uncomfortable with the extent to which luck..')
From: Joe Shaw <jshaw () insync net>
Date: Wed, 25 Jul 2001 08:41:59 -0500 (CDT)
On Wed, 25 Jul 2001, Larry Diffey wrote:
> The only way that administrators are going to be diligent about patches/updates is for the bean counters to show the CTO/CIO what the bottom line is for not installing updates when something like code red happens.

Not necessarily bean counters, as I've never seen one who could understand that there is very little if any monetary ROI on security products and services, but putting it in tangible terms that management understands is always a good idea.

Sometimes it plays out like a comedy of errors. I used to work for a company that took in revenue of several billion dollars a year, and who relied heavily on their corporate image and "industry leader" status. For them, it was as easy as showing them the value of not having your web page appear at attrition.org or a story about your company being hacked on cnn. This was our standard argument with management. "Buy this and allow us to implement it, and the chance of us being a news item becomes a lot smaller." Of course, then you also have to explain that this alone will not make you immune to any compromise attempt.

So, we got a site license for an IDS package, becoming the specific vendor's largest licensee for their IDS product. And we thought all was going well. Then we tried requesting equipment to deploy the software package across the network, and were told there was no justification for it. Apparently the multimillion dollar site license was not justification for spending a couple hundred thousand on hardware.

> Then management will crack the whip and the administrators will have to constantly search for updates.

Many vendors, including Microsoft, have security updates announcement lists. Then there's always the subscription to bugtraq or their new targeted security updates mailing list.

> Of course this is all subject to the Dilbert Principle and some companies will get stupid about it:

And in a perfect world these companies would start to suffer from clue atrophy because of a talent exodus. I've certainly seen it happen. But, with the job market the way it is, I think many of us would live with a certain amount of management stupidity in exchange for a steady paycheck. At this point, after being unemployed for almost 5 months after being laid off and working random contracts as they come up, I'd gladly deal with some stupidity for medical benefits and a steady paycheck.

However, I think we might be straying from what could be considered on-topic NANOG content.

Regards,
--
Joseph W. Shaw II
Network Security Specialist/CCNA
Unemployed. Will hack for food. God Bless.
Apparently I'm overqualified but undereducated to be employed.