From: peter at bank-connect.com (Peter van den Heuvel)
Subject: Microsoft Cries Wolf ( again )

>>It would make more sense to research a bit more into why people do this, 
>>how they could be convinced to be more social, and most particularly, 
>>how the process of "decent" disclosure could be facilitated. 

> Research?  Please!?!?!?!  Subjects like this have been researched to
> death.  It doesn't matter *why* people do it.  The fact is that they
> *do* and they always will.  No amount of research, no laws, no cajoling,
> no berating, no belittling is ever going to change human behavior.  Why
> do you think the Serbs and Bosnians have been fighting each other since
> the 14th century?  Because it makes sense?  Because it's the right thing
> to do?  Because it's responsible?

No. The point is far simpler. If you encounter something you consider a 
problem, you take measures. One should research the effectiveness of 
those measures and possibilities to improve them together with the 
problem itself; one is meaningless without the other. It is my feeling 
that there is quite some space for improvement in the way "the industry" 
is trying to deal with the problem.

One quick word on your Bosnian example. On this globe there are areas of 
more and of less stability. These differences have a reason beyond 
simply the nature of the people that live there. Understanding is 
essential to the effectiveness of all parties trying to cope with those 
problem areas. Unfortunately this insight seems to be hampered by most 
helpers actually being part of the problem. What a nice example.

Then of course my initial Email did not declare uncontrolled immediate 
disclosure as the most elegant of things imaginable; nor did it state it 
was the most horrid thing I could think of. But you had no doubt 
intercepted that.

Peter

