Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Intrusion Detection Systems: Re: Mod FWD

Re: Mod FWD

From: Marcus J. Ranum <mjr_at_nfr.net>
Date: Fri, 08 Sep 2000 14:14:32 -0400

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner_at_uow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo_at_uow.edu.au
-----------------------------------------------------------------------------
Jackie Chan wrote:
>It indicates a design process that is not unique to ISS, but is unique to
>any and all software companies where the investors hold the major share of
>the company.

Sorry to argue with you, but I've got proof that it isn't. ;) NFR's
investors, from the inception of the company, owned a majority
of the shares, and we've _NEVER_ pushed something out the door
that has been anything less than the best we could make. Also, back
when I used to build firewalls, I never built anything but the
_BEST_ firewalls I knew how to make. Doing the best you can,
technically, is a habit that's hard to break. Sure, there will always
be products that are mediocre and well-marketed, but there will
always be a niche for the best, too.

> Engineering Typically takes all of it's cues
>from MRD's (Marketing Requirement Documents). Notice there is no
>creativity fed into that process, just stuff that the marketeers have
>deduced, (from customer feedback, and general market analysis), will
>generate more revenue.

Gee, that's not how we design things here at NFR. We
build the best stuff we know how to build, listen to our
customers and competitors, and try to make it better. That's
a marketing function but it's also a technical function; I
am in the middle of both of those.

[...deletia...]

>The blame then lies on us, the ones who should know better and truly wish
>to solve a problem (and hopefully get rich along the way). It is OUR
>responsibility to explain to upper mgmt how this "required" feature will
>generate more revenue. And "everyone else does" doesnt cut it with
>business men. perhaps rewording to "our product will be less than the
>industry standard unless..." would be a better approach.

I don't think assigning blame is worthwhile. Who's to blame,
the people who produce mediocre stuff or the people who justify
the production of mediocre stuff by buying it? I think there's
enough to go around - obviously. It's just not worth playing the
blame game. The only way I know to move ahead is to build the
best thing (whatever it is) you know how to build, and deal
with integrity. Tell your customers why your stuff is good, show
them that it works, and the rest is up to them. Some of them
will still buy junk with a slick paint job, but often they'll come
back to you when they discover beauty is only skin deep.

The recent thread on benchmarks and the kind of bogus posturing
some vendors do is another illustration of the problem. Some
folks buy things based on those kinds of claims, and never
realize they've been snookered. In the long run, though, that
kind of thing comes to light. As long as customers tolerate it,
though, it'll keep happening.

><tongue in cheek>
>But until us jolt cola drinking introverts learn how to persuade the
>business men of this world, we will rely on third party reviews from the
>grass roots of the community to make change in _ANY_ commercial product.
></tongue>

I know your comments are tongue in cheek, but let me react
to them, anyhow. :)

The way to "persuade" businessmen is to become them. The face
of business in America is changing very rapidly, as the technophiles
are now driving a big chunk of the economy. A _hell_ of a lot of
"new businesses" are founded by ex-techies - and we all know there
is never such a thing as an "ex-" techie. Hey, I still run OpenBSD
servers at home, and hack kernel code when I'm not talking to
VCs and investment bankers. I still design the best systems I know
how to design, even if it's no longer me personally that's doing
the building of them.

The times, they are a changin'!

mjr.
-----
Marcus J. Ranum
Chief Technology Officer, Network Flight Recorder, Inc.
Work: http://www.nfr.net
Personal: http://www.ranum.com
Received on Sep 09 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos