Re: Scanners and unpublished vulnerabilities - Full Disclosure

["R. DuFresne" <dufresne () sysinfo com>]

There's one point I think that has not been fully looked at in this
discussion, folks have walked around it, but, avoided a direct hit on it;

over time, with more colsed mouth and kept to the breast vulnerability
information, and less open full disclosure, it requires companies to buy
from so many vendors and maintaining so many products to monitor the
perimiter and inside boarders, and forces folks to use so many different
scanners that the ammount of data to sort through might well become a
real pain, that KISS soon flies out the window.  Makes the chances for
error rise dramtically with costs for all the products required to monitor
all the potential exploits that each package only parcially is geared to
deal with.  

It does seem a shame that the info-sec industry is so bent upon the bottom
dollar and vulture capitalists that to IT community as a whole might well
suffer due to niche carving within it, yet it's been bound to happen...

Thanks,


Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/