Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: [SPAM] Re: [Full-Disclosure] Full-disclosure Posts
From: xploitable <xploitable () gmail com>
Date: Mon, 18 Oct 2004 09:03:03 +0100

On Mon, 18 Oct 2004 07:23:56 +0200 (CEST), Hugo van der Kooij
<hvdkooij () vanderkooij org> wrote:
Companies do not care about security. The CEO only works with numbers. If
bad security losses 100k per month but tightening things up loses 105k per
month on productivity they take the 5k per month profit regardless of who
is doing security and leave it open.

It has very little to do with attitude on the security staff. If you want
to work corporate you need to understand corporate thinking.

Taking simple countermeasures to prevent damagae from things like a
Slammer Worm are laughed at untill they get hit and loose 2 days worth of
business. Then they start screaming to get it installed yesterday.

You do not have to like it but that is the sad state we are in.


It stinks and wish it would change.. I guess it never will and corps
will choose money over security, but still look suprised every time
Yahoo! get hacked in one way or another, but will still insist to
journalists that they were doing everything they could for security.

Don't trust the hype and corporate smart talk, the reality is far grimmer.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]