Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] comparing information security to other industries

from [Michael Zimmermann] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] comparing information security to other industries
Date: Sun, 24 Dec 2006 13:54:47 +0100 
Am Dienstag, den 19.12.2006, 12:16 -0800 schrieb KT:

How do we compare to other industries like construction, engineering,
finance? What I am trying to figure out is how mature we are and how
long will it take for to get stable?



Mature? Are you kidding? Computer security ist still mainly only
changing pampers after each incident.

That's because the common systems (software/hardware/social) are not
built for security but for money or fame.


All other industries you have mentioned are having established
procedures, rules and laws how to build their products and verify
the quality. Computer industry hasn't.

Just imagine a construction company who sells their houses only 
to people who sign a legally binding contract, that they accept
the house "as it it", without any guaranty that it is possible to
live in it. If the house breaks down over you and your family
you are elegible to get the money back - and no more. If burglars
celebrate parties in the house while you are at the office,
because it is well known that the backdoor-keys are identical
in all houses of that construction company and key-duplicates 
can be found wherever you find two homeless people doing a chat,
you are told to buy a separate product called "SecuyKeys"
(which costs at least 20% of the original price for the house).

You are not allowed to take the wallpapers from the wall and 
look behind to see how the house is constructed and get sued 
when you publish these so called "vulnerabilities" (which are 
in effect only the results of incomplete, greedy and careless
construction-work)


Just because companies are making money with computer 
security doesn't make it into an "industry".

Why not answer two questions for yourself: 

a)
are the computer systems at large nowadays more secure than 
- say - ten years ago?
b)
how much more money is spent for computer security since then?


The answers point directly to the net effect of what you call
an "industry".


And we - the IT-people - are responseable.


Greetings
Michael


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] new backframe release, pdp (architect)
Next by Date:  Re: [Full-disclosure] comparing information security to other industries, Brian Eaton
Previous by Thread:  Re: [Full-disclosure] [WEB SECURITY] comparing information security to other industries, Nick FitzGerald
Next by Thread:  Re: [Full-disclosure] comparing information security to other industries, Brian Eaton
Indexes:  [Date] [Thread] [Top] [All Lists]