Date: Tue, 11 Aug 2009 17:14:51 +0200
From: Thierry Zoller <Thierry@...ler.lu>
To: full-disclosure@...ts.grok.org.uk
Subject: Fwd: Re[2]: [Dailydave] Security people are
	leaches. [sic]


As Dave seems to have his ongoing NZ filtering going on
again on the DailyDave list, I post it here..

Anybody want to create a list mirroring DD but letting replies through
even if those are against your views?

===8<=================== Original message text ===================
Hi Aaron,

>The 'shades of grey' only exist to security people.
Define "security people"? A complete branch of corporate risk
management is formed of "security people". So does this make it "less
of a problem"?

>To no one else is it important
>that a bug disclose information, allow invalid root access, or escalate privileges.
You obviously have not worked with or within a company that has to
balance all sorts of risks. If a kernel bug is slipped upstream
because it was not properly marked as a security issue, it means
potential loss. So since when is losing money "only important" to
"security people"? Security = Risk of loss, and Sir, this is important
for everybody in the company.

I am astounded how narrow minded some developers have become. Some
apparently never see the complete picture of how a business operates,
how potential risks/losses are mitigated and how this impacts the
developers. SDL training seems to need an introduction on the
fundamentals of security, operational and others. A birds-eye view,
maybe if the interconnections are understood some will understand why
it is important.

It's not a technical issue - at all.

PS. Dave - I am not writing comments for you to send to dev/null, I
consider my time more useful.

-- 
http://blog.zoller.lu
Thierry Zoller

===8<============== End of original message text =============