Secure Coding mailing list archives

darkreading: voting machines


From: weld at vulnwatch.org (Chris Wysopal)
Date: Thu, 12 Oct 2006 23:03:50 -0500 (EST)



On Mon, 9 Oct 2006, Gary McGraw wrote:

> The most interesting thing from an sc-l perspective about this column is
> that it emphasizes a client need we're often forced to address---the
> need for a demo exploit.  Sometimes those on the receiving end of a
> software security vulnerability don't believe that findings are real.
> An often-repeated excuse for doing nothing is "well, that's just a
> theoretical attack and it's too academic to matter."  I can't tell you
> how many times I've heard that refrain.

In 1998 we put a slogan on the L0pht.com web page.

   "That vulnerability is theoretical." -Microsoft

   L0pht - making the theoretical practical since 1992.

Microsoft doesn't say that line any more.  I guess a few worms can change
your tune.  It seems that you need to get bitten a few times before you
automatically put on the bug spray before heading down to the swamp.

-Chris

