<<<
Chronological Index
>>> <<<
Thread Index
>>>
RE: [ga] Net security's a losing battle
|> From: Kent Crispin [mailto:kent@songbird.com]
|> Sent: Friday, September 28, 2001 9:37 AM
|> On Fri, Sep 28, 2001 at 07:59:48AM -0700, Patrick Greenwell wrote:
|> > > based on the notion that you can build products to plug
|> the holes," said
|> > > Schneier. "But we are losing the battle with computer
|> security. We are
|> > > building new products, but every year gets actively worse."
|> >
|> > F.U.D. The problem is *with* the new products, because
|> organizations are
|> > so rushed to shove product out the door security if it is
|> considered at
|> > all is largely an afterthought. This does not render the problem
|> > unsolvable.
|>
|> Whether it is solvable or not, it is a real problem, not FUD.
The real problem is net admins that don't keep up with the notices and
upgrades. I have a number of Win2K and Linux host that have survived both
Code Red and Nimda. NO ONE writes absolutely secure software, just like NO
ONE writes 100% bug-free systems. With millions of lines of code, it would
take millions of years for exhaustive testing. We can do 100% unit testing,
but current problems are integration level issues. Do multiple units
interact securely?. No one can find all of those permutations prior to
product release, or even post-release.
see http://www.netcraft.com/Survey/
|> > Do away with laughable EULA's(would you buy a car that said
|> > "may blow up or not run at all but we're not
|> responsible?") and start
|> > holding companies accountable for the crap they are
|> foisting upon the public
|> > and I guarantee you'd see a world of change.
|>
|> If everybody would just get along, we would have world peace. The
|> devil is in the details.
--
This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|