lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <871080DEC5874D41B4E3AFC5C400611E06B476FF@UTDEVS02.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: RE: 40,000 deaths per year - Was: CyberInsecurity: The cost of Mo nopoly

> -----Original Message-----
> From: Christopher F. Herot [mailto:cherot@...liedmessaging.com] 
> Sent: Tuesday, September 30, 2003 11:14 AM
> To: Michael Smith; full-disclosure@...ts.netsys.com
> Subject: RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: 
> The cost of Mo nopoly 
> 
> Actually, the average person doesn't now squat about how to 
> DRIVE a car either.  The result is that 40,000+ people die 
> every year in this country from car "accidents."  I'd say the 
> computer industry is doing pretty well by that standard.
> 
Now this is a really dumb argument.

How many licensed drivers are there in the US?  60 million?  Your 40,000
deaths represents .0000667 percent of the total population of drivers.
And not all 40,000 were driving, so the real percentage is some factor
smaller than that.  So, the 40,000 very obviously does not represent the
"average" driver.  Furthermore, you really have to calcuate the number
of person/miles driven to see what the real accident rate is, and when
you do that it's incredibly miniscule.

The death by vehicle rate in America proves that we are doing a very
*good* job of training people to drive, despite all the anecdotal
evidence you can conjur up for stupid drivers.

Given that, your analogy is specious at best, but even given that, it
proves that the computer industry is *much* worse off.  What's the rate
of infection for Blaster worldwide, for example?  I haven't seen
anything definitive, but I'd bet it's in the hundreds of thousands.  And
we have *perhaps* 100 million computers worldwide?  So the percentage of
infections would be in the less than 1% range?  Still much much higher
than the numbers above.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ