Firewall Wizards
mailing list archives
Re: The Morris worm to Nimda, how little we've learned or gained
From: Frederick M Avolio <fred () avolio com>
Date: Fri, 04 Jan 2002 07:16:13 -0500
At 03:44 PM 1/3/02 -0500, Marcus J. Ranum wrote:
> R. DuFresne wrote:
> >And we have not even broached the topic here of vendor
> >responsibility...
>
> There's enough blame that everyone involved can shoulder a ton of guilt.
> I've been watching the blame in computer security flow in circles for
> years. The flow looks like this:
> - The hackers blame the sysadmins who leave their machines open
> - The sysadmins blame the vendors who write buggy insecure code
> - The vendors blame the customers who place a premium on features over quality
Yes, although the above is not circular.
Vendors give exactly what customers want. I mean *really* want. If security
was most important to customers, Check Point wouldn't be the #1 firewall,
for example. (Or Cisco.) Microsoft would not be able to get away with
shipping security problems-in-waiting. But when money is on the table,
features -- and features, NOW not later -- always win.
That's what keeps our job interesting.
Great editorial, Ron. (In many of the security classes I teach, no one in
the room knows what I mean by "the Morris Worm.")
Fred
Avolio Consulting, Inc.
16228 Frederick Road, PO Box 609, Lisbon, MD 21765, US
+1 410-309-6910 (voice) +1 410-309-6911 (fax)
http://www.avolio.com/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards