Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Your Opinion

from [Forrest J. Cavalier III] Network Security [Permanent Link]
Subject: Re: Your Opinion
Date: Fri, 16 Mar 2007 15:56:23 -0400 
Mark Litchfield wrote:

I have heard the comment "It's a huge conflict of interest" for one company to provide both an operating platform and a security platform" made by John Thompson (CEO Symantec) many times from many different people. See article below.

http://www2.csoonline.com/blog_view.html?CID=32554

In my personal opinion, regardless of the vendor, if they create an OS, why would it be a conflict of interest for them to want to protect their own OS from attack. One would assume that this is a responsible approach by the vendor, but one could also argue that their OS should be coded securely in the first place. If this were to happen then the need for the Symantec's, McAfee's of the world would some what diminsh.

Anyway I am just curious as to what other people think. 

From a technical standpoint, of course everyone at an OS vendor, even down
to the janitors, wants their OS secure as possible.

But the problem isn't the desire or the knowledge of the technology.

Anytime Thompson, or any software publisher CEO uses a vague term like "security platform," you know they have a marketing hat on, and their comments are going to be largely devoid of supporting detail. That is not an indication these people are ignorant.

Second, I think at least part of what he left out is that developing, deploying, and maintaining software that performs malware identification and mitigation is a multi-faceted task. In fact, all software publishing is complicated. Success requires some marketing, a lot of research, some high-traffic and spiked distribution server access patterns, a clean parking lot, janitors, and did I mention some actual software development too?

So yes, there are lots of ways to get distracted. Budget politics, marketing
choices, shareholder dividends, talent shortage, growth, acquisitions (did someone say Veritas?), currency fluctuation.

Claiming "conflict of interest" is a diversion. The truth, I think, is that
competition keeps vendors honest, on their toes, and delivering increased value at decreased price. Symantec would improve if they faced more competition, and MicroSoft would improve if they faced more competition. It's how a free market works.

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [VulnWatch] Rhapsody IRC 0.28b (NICK) Multiple fs and bof vulnerability, starcadi
Next by Date:  RE: Your Opinion, Alex Eckelberry
Previous by Thread:  RE: Your Opinion, Jim Harrison
Next by Thread:  Re: Your Opinion, Paul Stepowski
Indexes:  [Date] [Thread] [Top] [All Lists]