Open Source and information security mailing list archives
 
From: yossarian at planet.nl (yossarian)
Subject: SQL Slammer - lessons learned (fwd)

Steve Wray wrote
> One word. Ok two;
> Driving Test.
>
> Do you have a driving license?

Yes. Got it 19 cars ago.

> Did you buy it from a shop or did you have to demonstrate
> an acceptable level of competence?

I passed a test for driving a car. Not for a truck or an aeroplane, so I am
not allowed to fly a plane or drive a truck. See my analogy with what to
qualify on.

Three things:
The security of the car I drive has been validated - and it is retested
every year. If something is wrong with it, the manufacturer or some mechanic
repairs it, if I crash because of a design flaw, the manufacturer is liable
in court. And now for software and computer systems. Is anyone liable on the
vendor's side? No. Is the validity of systems tested? No. Is there a retest?
No.
>
> Who administers it?

Dunno. It is a legal document and I have to pass tests when I'm over 70,
many years from now. So I guess that I am a qualified driver for many years
to come, cause I passed a simple test in 1982.... Is it safe? Probably not.
But at least both sides of the issue are tested - the car AND the driver.
And the car more often.

What I really dislike are analogies - they usually simplify the problem so
much that the outcome is useless, but convincing.

