Full Disclosure mailing list archives
Re: Support the Sasser-author fund started
From: James Bliss <james.bliss () comcast net>
Date: Sat, 15 May 2004 23:07:14 -0500
Imagine you own a home and installed a security system on all the doors and windows. You set the alarm and leave for a weekend.
OK
A thief comes up to your house, breaks a window, and slides through the opening. The alarm does not go off because the thief found a vulnerability in the security system. Do you blame the security company that installed your intrusion detection system?
Yes, and then I sue the security company for failure to provide what was paid for. I believe this would be a warranty provision which the security company breached.
Plus, most of the software is released to the public in the form of Betas or Release Candidates months ahead of the release date. If identifying security holes was that easy then why aren't there more vulnerabilities reported before the 'gold' release of products.
The primary purpose for this realease is to allow a specific group of developers and software companies the opportunity to prepare for the new release. It is not specifically released for security testing although I am certain that this is performed to a limited extent (although it would be more fruitful if they paid for security audits rather than assume they are performed gratuitously)
I do expect that any computer user should have fundamental security training before using it. After all, the computer is a tool. Nobody should operate a microwave or chainsaw without reading the safety instructions. The same care should be taken for computers.
Therefore we should license computer users and require tests before they are allowed to buy and/or use a computer? Something along the lines of a drivers license? Also, have you seen some of the absurd warning in the operating manuals - 'Do not touch the chain saw blade while in motion'. Perhaps all computers sould have a warning - 'Do not use if you are an idiot'. But then most internet commerce would cease... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Support the Sasser-author fund started, (continued)
- Re: Support the Sasser-author fund started Valdis . Kletnieks (May 13)
- Re: Support the Sasser-author fund started Georgi Guninski (May 13)
- Re: Support the Sasser-author fund started Mister Coffee (May 13)
- Re: Support the Sasser-author fund started Valdis . Kletnieks (May 13)
- Re: Support the Sasser-author fund started Tobias Weisserth (May 13)
- Re: Support the Sasser-author fund started Konstantin Gavrilenko (May 14)
- Re: Support the Sasser-author fund started Tobias Weisserth (May 14)
- Re: Support the Sasser-author fund started Georgi Guninski (May 15)
- Re: Support the Sasser-author fund started Shane C. Hage (May 15)
- Re: Support the Sasser-author fund started Mike Roetto (May 15)
- Re: Support the Sasser-author fund started James Bliss (May 15)
- Re: Support the Sasser-author fund started Ron DuFresne (May 16)
- Re: Support the Sasser-author fund started fd (May 16)
- Re: Support the Sasser-author fund started Seth Alan Woolley (May 16)
- Re: Support the Sasser-author fund started scosol () scosol org (May 16)
- Re: Support the Sasser-author fund started Georgi Guninski (May 16)
- Re: Support the Sasser-author fund started scosol () scosol org (May 17)
- RE: Support the Sasser-author fund started Bill Royds (May 16)
- Re: Support the Sasser-author fund started Shane C. Hage (May 17)
- Re: Support the Sasser-author fund started James Riden (May 17)
- Re: Support the Sasser-author fund started Stormwalker (May 17)