
[WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry



While looking at the CSO article that Jeremiah posted, I found a rather interesting article
by Marcus Ranum.


Some quote highlights


"The state of ethics in the computer security industry is pathetic; it’s on par with where medicine was in the 1820s—except that some of the snake-oil salesmen in the 1820s actually believed in their products."

"Do you remember the original premise of the disclosure game? By publicly announcing vulnerabilities in products we will force the vendors to be more responsive in fixing them, and security will be better. Remember that one? Tell me, dear reader, after 10 years of flash-alerts, rushed patch cycles and zero-day attacks, do you think security has gotten better?"


"If the proponents of disclosure were right, their stated objective—browbeating the vendors into making their products better—would have been accomplished years ago."


URL:
http://www2.csoonline.com/exclusives/column.html?CID=28072




Regards,
- Robert Auger
http://www.cgisecurity.com/
http://www.webappsec.org/ 

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


