
Re: [WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry



"Disclosure" and "Non Disclosure" is a red herring. Better education
is a better solution.

Better education? How about just the truth for everyone, not just the developers. I think that's the direction full disclosure should be going in.


The problem is users expecting security in products that have not been designed for security. He can argue that users don't want security but they do want quality or at least for something to work as designed. Then when something breaks they also want someone to blame. This is not the fault of full disclosure. This is a common issue of the customer wanting it all for a low, low price. The fault here is marketing and greed. Whereas we know that OSes like Microsoft's and many of the Linuxes are not designed to be used on "hostile networks", they still are. That's like those people who put their frozen dinners in the oven still in the cardboard box and then sue the company when the house burns down. Now all frozen meals state clearly "Remove from Box". Do we need to do the same thing on the OS? I'd like to, but I can assure you that it's not going to happen, and that's not because the general population doesn't need it. It's a marketing decision.

-pete.
www.isecom.org

----------------------------------------------------------------------------
The Web Security Mailing List: http://www.webappsec.org/lists/websecurity/


The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



