Re: concerning ~el8 / project mayhem

[ark () eltex ru]

"Marcus J. Ranum" <mjr () ranum com> said :

> > It's time to realize that there are things that are unknown to white hat
> > community and a security expert should _predict risks_ instead of using
> > traditional these days model "there is a bug recently discovered,
>
> Oh, COME OFF IT!!       We've known THAT for EVER.

_We_ did. _THEY_ should be forced into that. The method is no good, but 
others did not work :(

> It's only the desperate vendors and security newbies who subscribe
> to trivial penetrate-and-patch schemes. I've been known to advocate
> penetrate-and-patch-real-fast as an alternative to penetrate-and-patch-in-user-time
> but only out of frustrated desperation. Because the more obvious alternatives
> aren't happening due primarily to market pressures and cluelessness.

You said that. Aren't happening :(
 
[dd]

> So, please don't say "people need to get out of 'penetrate and patch'" when
> lots of us have been saying ALL ALONG that it's a bad idea. :) The fact
> that a huge number of people and organizations continue to do security
> design wrong is not because nobody knows how - unless you cound willful
> ignorance.

So they need a visual demonstration of the fact good design is _required_ and
its absense cannot be compensated with pach-real-fast methods. Looks like they
really do not want to know unless someone will force them. Yes, willful
ignorance, you're right.

                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards