| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4C6BC8FD.5020704@isecom.org> Date: Wed, 18 Aug 2010 13:50:21 +0200 From: Pete Herzog <lists@...com.org> To: bugtraq@...urityfocus.com Subject: Better Security Through Sacrificing Maidens Hi, The typical enterprise security today is one that is properly prepared to sacrifice something to an attacker now so they will be 100% prepared against it later. There's something wrong with that method and it's part of the reason why ISECOM is taking some very new directions in security that may seem strange or confusing to many security professionals. I have written up my explanation for the changes and it touches on many sticky topics in security: Risk, penetration testing, vulnerability disclosure, Compliance, trust, certification, and defense. One thing that I left out is why we moved away from defense in depth as well. However, that requires a lot more words and the article ended up being perhaps too long as it is. So maybe in a future article. Do keep in mind that I tried to be nice and not lay blame on anyone or any group. So please don't flame me for having a different opinion. Instead, take this as a discussion point because I'm sure you also recognize something about security isn't working. https://www.infosecisland.com/blogview/6646-Better-Security-Through-Sacrificing-Maidens.html Sincerely, -pete. -- Pete Herzog - Managing Director - pete@...com.org ISECOM - Institute for Security and Open Methodologies www.isecom.org - www.osstmm.org www.hackerhighschool.org - www.badpeopleproject.org
Powered by blists - more mailing lists