ICANN/DNSO
DNSO Mailling lists archives

[ga-full]


<<< Chronological Index >>>    <<< Thread Index >>>

RE: [ga] Net security's a losing battle


|> From: Kent Crispin [mailto:kent@songbird.com]
|> Sent: Friday, September 28, 2001 9:37 AM

|> On Fri, Sep 28, 2001 at 07:59:48AM -0700, Patrick Greenwell wrote:
|> > > based on the notion that you can build products to plug 
|> the holes," said
|> > > Schneier. "But we are losing the battle with computer 
|> security. We are
|> > > building new products, but every year gets actively worse."
|> > 
|> > F.U.D. The problem is *with* the new products, because 
|> organizations are
|> > so rushed to shove product out the door security if it is 
|> considered at
|> > all is largely an afterthought. This does not render the problem
|> > unsolvable. 
|> 
|> Whether it is solvable or not, it is a real problem, not FUD. 

The real problem is net admins that don't keep up with the notices and
upgrades. I have a number of Win2K and Linux host that have survived both
Code Red and Nimda. NO ONE writes absolutely secure software, just like NO
ONE writes 100% bug-free systems. With millions of lines of code, it would
take millions of years for exhaustive testing. We can do 100% unit testing,
but current problems are integration level issues. Do multiple units
interact securely?. No one can find all of those permutations prior to
product release, or even post-release.

see http://www.netcraft.com/Survey/


|> > Do away with laughable EULA's(would you buy a car that said
|> > "may blow up or not run at all but we're not 
|> responsible?") and start
|> > holding companies accountable for the crap they are 
|> foisting upon the public
|> > and I guarantee you'd see a world of change.
|> 
|> If everybody would just get along, we would have world peace.  The 
|> devil is in the details.

--
This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html



<<< Chronological Index >>>    <<< Thread Index >>>