| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: jasonc at science.org (Jason Coombs) Subject: Vulnerability Disclosure Debate Hmm. A lock is a permissive measure, to permit you to more easily enter a room, for instance, without having to destroy a portion of one of its four walls. The lock is installed in a door. The door is a vulnerability. The lock attempts to compensate for the door vulnerability. Without the lock the door can be opened by anyone. With the lock the door can also be opened by anyone who has a foot attached to a leg and the ability to apply it in a forward kicking motion. The only difference is that the broken door leaves evidence of the intrusion. The lock forces the application of destructive force or use of a circumvention technique. The lock does NOT change the security level of the room, because it still has a door vulnerability. I'm pretty sure this is not wrong thinking, and thus my previous comments, which I stand by after having re-read them. -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Mike Fratto Sent: Friday, August 08, 2003 10:22 AM To: jasonc@...ence.org; 'Matthew Murphy'; 'Full Disclosure' Subject: RE: [Full-Disclosure] Vulnerability Disclosure Debate > > with a lock, the primary purpose of it is > > security -- it has no other purpose. > > Everyone gets this wrong. Including you. :)
Powered by blists - more mailing lists