Re: [WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry
From: Gervase Markham <gerv@xxxxxxxx>
Subject: Re: [WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry
Date: Wed, 10 Jan 2007 23:22:04 +0000
robert@xxxxxxxxxxxxx wrote:
"If the proponents of disclosure were right, their stated
objective -- browbeating the vendors into making their products
better -- would have been accomplished years ago."
That assertion can't stand unless we have two Earths, and we do
different things on each and compare the results.
We don't know whether security would suck even more without the
disclosures than it does now.
There are positives. Microsoft's position on the relative importance of
security compared to things like usability, convenience and backwards
compatibility has been transformed over the past five years. I'm sure
one driver for this was the continued negative publicity surrounding the
published holes in their products, and the exploitation of them
(Slammer, anyone?).