Information Security News mailing list archives
Re: Symantec: Boom Times For Hackers (Two messages)
From: InfoSec News <isn () c4i org>
Date: Fri, 19 Mar 2004 05:39:05 -0600 (CST)
Forwarded from: "Jack Whitsitt (jofny)" <xaphan () violating us>
I am not sure if I am the only one here that is concerned about this fact or not, so here it goes. Isn't it at cross purposes perhaps even an ethical question, that a report like this was created by a company that sells the stuff to prevent all this bad stuff from happening to you? Why has no one ever suggested this before? It seems like a logical conclusion.
It is a logical conclusion if that's the last question you ask. The next thing that needs to be thought about, however, is: How many groups are there with that many resources in that many places who have that many sources of information but don't have some sort of vested interest in the answer? My suspicion is that the answer to that is "none".
For me independent sources, even if only in appearances, would help to validate this information adding credibility and trust.
It appears that each and every group from Symantec to PWC, E & Y and CSI/FBI has a different story to tell and it's difficult to tell which one is correct because none of them support each other.
All of them are looking at different data sets with different focuses. Global Trends are usually pretty meaningless unless the questions are asked from a specific viewpoint / vector. Unfortunately, this also means that with different focuses, you see different trends. What is unethical about releasing a report based on your interests (focus and vector) and available data? Nothing unless you're making it up. The fact of being involved in the data might make it poorly suited for court, but stating your view of the world is a perfectly acceptable and - in this case - a probably helpful thing to do.
Jack
----- Original Message -----
From: "InfoSec News" <isn () c4i org>
To: <isn () attrition org>
Sent: Tuesday, March 16, 2004 3:44 AM
Subject: [ISN] Symantec: Boom Times For Hackers
http://www.informationweek.com/story/showArticle.jhtml?articleID=18400171
By Gregg Keizer
TechWeb News
March 15, 2004
Symantec Corp.'s twice-annual Internet Security Threat Report paints a menacing picture, one that security professionals know all too well.
-=-
Forwarded from: Julie Ryan <jjchryan () gwu edu>
You are not alone, Mark. There is an undercurrent of dissatisfaction with the data available for characterizing the problem space in security. At least one article has been written on this issue, the citation for which follows:
Ryan, Julie J.C.H. and Theresa I. Jefferson. "The Use, Misuse and Abuse of Statistics in Information Security Research," Proceedings of the 2003 ASEM National Conference, St. Louis, MO.
The problems inherent in the data not only include a lack of similarity and cross-referencing, but also some subtle and some not-so-subtle problems in some of the research processes. For example, the CSI/FBI survey has long included a disclaimer that the data is not scientifically collected. There are significant issues with item and content level validity as well as in responder biases and conflicts of interest that need to be addressed before any data is interpreted. That has not, however, stopped a whole generation of students, journalists, and government officials from (mis)quoting from the reports as if it were the truth from on-high.
On Mar 18, 2004, at 3:29 AM, InfoSec News wrote:
Forwarded from: Mark Bernard <mbernard () nbnet nb ca>
Dear Associates,
I am not sure if I am the only one here that is concerned about this fact or not, so here it goes. Isn't it at cross purposes perhaps even an ethical question, that a report like this was created by a company that sells the stuff to prevent all this bad stuff from happening to you? Why has no one ever suggested this before? It seems like a logical conclusion.
For me independent sources, even if only in appearances, would help to validate this information adding credibility and trust.
It appears that each and every group from Symantec to PWC, E & Y and CSI/FBI has a different story to tell and it's difficult to tell which one is correct because none of them support each other.
Regards,
Mark.