On Wed, 1 Sep 2004 MHawkins_at_TULLIB.COM wrote:
> In my opinion, there will come a day when a security event will be, for
> purposes of insurance, considered to be a reportable incident.
I agree totally. One of my hats is righting claims management software
for folks who manage medical malpractice claims. These folks track trends
over decades and actively work to learn from those trends to avoid future
claims. In their world avoiding claims means killing fewer people,
dropping fewer people off stretchers, making sure nurses can find the
right stuff to inject into you and so on. Applying the same mentality to
computer security would be a truly beautiful thing. If this sort of thing
had been going on before now I strongly suspect we'd see a lot more
firewalls properly configured and regularly monitored and a lot fewer
Windows boxes waiting to get owned. And it may not be an ideally
scientific survey, but it would still be rather helpful. :)
--
</chris>
There are two ways of constructing a software design. One way is to make
it so simple that there are obviously no deficiencies. And the other way
is to make it so complicated that there are no obvious deficiencies.
-- C.A.R. Hoare
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Sep 02 2004
Intro
