lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200308292313.h7TNDom8010056@turing-police.cc.vt.edu>
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Authorities eye MSBlaster suspect 

On Fri, 29 Aug 2003 14:46:32 PDT, morning_wood said:
> >And has it occurred to you that *MAYBE* his "high paying job" would
> >be more productive if he wasn't spending most of his time having to deal with
> >people breaking in, either proactively or reactively??
> 
> that is his job

You're totally missing the point.

If I'm doing security 30 hours a week, that's 30 hours a week I'm not available
for other things.

That's 30 hours I'm not spending helping do network performance tuning for the
mail server.  I'm sure the 70,000 users of the mail server would prefer that
I was able to do that instead.

That's 30 hours I'm not spending designing a new, more featureful print
management system.  I'm sure the people who get print jobs that we need
to keep running (accounts receivable, invoices, purchase orders, etc) would prefer
I was able to do that instead.

That's 30 hours I'm not spending diagnosing compiler and kernel bugs.  I'm sure
the researcher who has a $2M grant project dead in the water would prefer I was
able to do that instead.

That's 30 hours I'm not spending working on a way to migrate users from Windows to Linux.
I'm sure the people who are looking at a $500K/year bill for Microsoft licenses (and want
a way to save money) would prefer I was able to do that instead.

That's 30 hours I'm not spending deploying a new release of Listserv that has
features that my users are asking for.  I'm sure that many of the users on our
6,023 lists would prefer I was able to do that instead.

You starting to see a pattern here?

And yes, those are *ALL* things that are *part of* "my job".  Many of them are
things I'd enjoy doing more.  All of them are things that would provide more *direct*
benefit to my site than "doing security".

And you can't weasel out by saying "Hire somebody else to do that other stuff"  or
"hire somebody else to do security" - the point is that if we did hire somebody else,
then we'd only have 1 person of the 2 available for productive work.  If we didn't
have to keep spending resources on security, BOTH people would be available then.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030829/7796e819/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ