Intrusion Detection Systems mailing list archives

Re: Mod FWD


From: Jackie Chan <blue0ne () igloo org>
Date: Fri, 8 Sep 2000 12:44:48 -0400 (EDT)

Wh0a Nellie....

> It raises questions as to how much you can trust a product which took
> four years to reach what other vendors consider a minimum starting
> point.

You are not talking about some ambiguous product or vendor here, you are
talking about ISS RealSecure.  If you are going to take pot shots... take
the pot shot.

> It indicates a design process driven by marketing rather than
> actually protecting customers' networks.

It indicates a design process that is not unique to ISS, but is unique to
any and all software companies where the investors hold the major share of
the company.  I don't know how much productized software development you
have done in the past, but what investors look at is the bottom line, they
don't look at how well you protected customers, that's the responsibility of
the CTO, not Engineering.  Engineering typically takes all of its cues
from MRDs (Marketing Requirement Documents).  Notice there is no
creativity fed into that process, just stuff that the marketeers have
deduced (from customer feedback and general market analysis) will
generate more revenue.

Now obviously the CTO will bang on his or her desk when they feel
passionate about a particular feature.  But then they have to contend with
the current state of the product that is shipping.  How best do we
integrate that feature? Will it kill us financially if we don't add it
immediately?

> If reviews hadn't begun
> making fragmentation reassembly an issue I wonder if some vendors
> would have bothered implementing it.

Probably not, that's what competition is all about... welcome to
capitalism.  Thank goodness we have free speech, eh?

> Unfortunately marketing will
> always dictate the subset of features a product implements.

So if you already know this, why blame ISS in particular?


> IDS
> designers however have a responsibility to customers to implement a
> core technology capable of doing the job.

That would be a nice ideal.  But as stated prior, software vendors
(regardless of product) have only one responsibility... to generate
revenue. (OK, I'm not usually this cynical...)

> IP frag reassembly is part
> of this core.  Vendors who have released (or will release) products
> which don't do it are simply foisting defective products upon
> unsuspecting consumers.
>
> Richard.


I totally agree, but we cannot blame one vendor for this.  If you ask any
technical member of ISS if they wished they could have had re-assembly
built in earlier... of course they will tell you yes.

The blame then lies on us, the ones who should know better and truly wish
to solve a problem (and hopefully get rich along the way).  It is OUR
responsibility to explain to upper mgmt how this "required" feature will
generate more revenue. And "everyone else does" doesn't cut it with
business men.  Perhaps rewording to "our product will be less than the
industry standard unless..." would be a better approach.

<tongue in cheek>
But until us jolt cola drinking introverts learn how to persuade the
business men of this world, we will rely on third party reviews from the
grass roots of the community to make change in _ANY_ commercial product.
</tongue>

-blue0ne



