RE: death of the security community

["Craig Wright" <cwright () bdosyd com au>]

Hello,
I agree with "The fewer people who are learning about computer security
the bigger the threat becomes". I would have to add that I do not agree
that there was ever a large or significant proportion of people in the
field however.

I would also disagree with the analogy of the flow of information drying
up to just a few drops. There are large deposits of information, papers
educational material etc available. MIT has open learning and offer
course curricula for free.

The difference is that there is a greater requirement for knowledge. One
who could just get into the industry with no training or experience but
to whom the "wizardry" or being a home Linux user propelled forward
would have a hope a decade ago. Now that person is just another
wantabee. Not that things are perfect yet.

The issue is the lack of knowledge generally. Finding basic mathematical
skills is becoming more difficult (Bayesian Networks for Risk - there
are applications). Grammatical skills (writing a report). The technical
skills are becoming easier to find. Unfortunately they are of less use
to an organisation unless they are supported by other skills.

Regards,
Craig

-----Original Message-----
From: John Vill [mailto:kalookalaa () hotmail com]
Sent: 21 March 2006 7:56
To: security-basics () securityfocus com
Subject: RE: death of the security community

Its like video games... PC games used to rule and it was all good. Now
people realize how much money can be made in that industry so theres
just one crappy fps after another because consoles have taken over.
Hmmm, maybe that was a little bit of a stretch but hopefully you get
what I mean. I think the community is already dead. Its not the way it
used to be and it won't be like that again anytime soon. It seems like
the free flow of knowledge has been reduced to a few drops here and
there. The fewer people who are learning about computer security the
bigger the threat becomes.



> I seem not to understand what is happening to the security
> community..The profit and earning a living of the expert in the field
> is going to lead to the death of the security community.Now full
> disclosure movement is getting to be commercial disclosure, whereby
> each security community wants to expliot you to pay them to even get
> the latest vulnerability report and expliot,even when you need it to
> penetrate your server before the bad guy does.Which doesnt aid the
> people of the basics but even helps the scriptkiddie community(the
> greatest fear we face)I hope attention is given to these...and d
> fathers of d security comm' should have a re think, cos the continuity
> of the pursue of profit would bring the security of the internet wide
as an open gate.
> odabo



------------------------------------------------------------------------
---
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich
University program offers unparalleled Infosec management education and
the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity
Planning, Computer Emergency Response Teams, and Digital Investigations.


http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you 
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply 
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. 

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by 
a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------