Secure Coding mailing list archives
What defines an InfoSec Professional?
From: mshines at purdue.edu (Michael S Hines)
Date: Fri, 9 Mar 2007 07:54:48 -0500
I respectfully disagree. The need for a firewall or IDS is due to the poor coding of the receptor of network traffic - so you have to prevent bad things from reaching the receptor (which is the TCP/IP stack and then the host operating system - and then the middleware and then the application).

The reason you have to prevent bad things from reaching the receptor (OS) is because of poor coding practices in the receptor (OS).

In terms of state diagrams - you have an undefined state in the code - which produces unpredictable actions. Technically speaking, it's undesirable but predictable actions - that's how the software can be used to gain unauthorized entry.

And once someone finds the hole - the very mechanism used for protection (networks) is used to spread the story. Kind of like the farmer eating his seed corn. :)

Regarding roles - there are many who do Infosec - in many different roles. Law makers, lawyers, Boards of Directors, management, policy staff, technical staff, network engineers, programmers, quality assurance staff, users, ethical hackers, unethical hackers, et al.

I'm not sure we're moving the industry forward by trying to say "I am one" but "You are not" - are we?

Mike Hines
-----------------------------
Michael S Hines
mshines at purdue.edu