[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ILEPILDHBOLAHHEIMALBOEINGGAA.jasonc@science.org>
From: jasonc at science.org (Jason Coombs)
Subject: Vulnerability Disclosure Debate
Hmm.
A lock is a permissive measure, to permit you to more easily enter a room, for
instance, without having to destroy a portion of one of its four walls. The
lock is installed in a door. The door is a vulnerability. The lock attempts to
compensate for the door vulnerability. Without the lock the door can be opened
by anyone. With the lock the door can also be opened by anyone who has a foot
attached to a leg and the ability to apply it in a forward kicking motion. The
only difference is that the broken door leaves evidence of the intrusion. The
lock forces the application of destructive force or use of a circumvention
technique. The lock does NOT change the security level of the room, because it
still has a door vulnerability.
I'm pretty sure this is not wrong thinking, and thus my previous comments,
which I stand by after having re-read them.
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Mike Fratto
Sent: Friday, August 08, 2003 10:22 AM
To: jasonc@...ence.org; 'Matthew Murphy'; 'Full Disclosure'
Subject: RE: [Full-Disclosure] Vulnerability Disclosure Debate
> > with a lock, the primary purpose of it is
> > security -- it has no other purpose.
>
> Everyone gets this wrong.
Including you. :)
Powered by blists - more mailing lists