Vulnerability Development mailing list archives

Re: Cons and Security Validation


From: "Robert A. Seace" <ras () SLARTIBARTFAST MAGRATHEA COM>
Date: Wed, 7 Feb 2001 12:34:34 -0500

In the profound words of Rowe, Michael CONT:

<snip>
Because, once you offer highly
desirable prizes (like, say, a big wad of cash ;-)), then you're going
to attract a whole different set of people coming after your machine;
and, most of them are probably NOT the type you really want to have
testing your security...
</snip>

 I may have missed something, but in the security world, you can now pick
and choose who you want attacking your machines? Someone forgot to tell
me... LoL. I thought the idea was to attract ALL kinds of people and see how
the product holds up under "real world" testing.

        Sure, that's certainly true...  But, my point was that those
focused only on the big cash prize aren't likely to really give
you any useful testing of the product that you can't accomplish
yourself with existing widely-distributed exploits...  Sure,
that's a generalization, of course...  There's got to be a FEW
people who really know what they're doing, and who will come
up with some useful, interesting, and unique attacks to really
test the system; but, yet, who just wouldn't consider it worth
their time to bother with, if there were no money on the line...
And, maybe I'm wrong, but I'd say such people would NOT be the
norm...  I think that, in general, the people who are going to
give you any serious testing are going to be those who not only
aren't doing it for the money, but quite probably would be totally
turned off by a big prize contest, and avoid such a thing...
And, in general, those who would be attracted to such a big prize
contest would NOT be likely to give you very useful testing, but
would rather just use up your bandwidth (either with a ton of them
all trying to break in at once, or just a few of them being lame,
and trying to DoS the machine)... *shrug*  Just my opinion, though...

--
||========================================================================||
||    Rob Seace    ||               URL              || ras () magrathea com ||
||  AKA: Agrajag   || http://www.magrathea.com/~ras/ || rob () wordstock com ||
||========================================================================||
"It is most gratifying that your enthusiasm for our planet continues unabated,
 and so we would like to assure you that the guided missiles currently
 converging with your ship are part of a special service we extend to all of
 our most enthusiastic clients, and the fully armed nuclear warheads are of
 course merely a courtesy detail." - THGTTG