Message-ID: <200408061148.48943.capegeo@opengroup.org>
From: capegeo at opengroup.org (George Capehart)
Subject: Re: MS04-025 - Ignorance is truly bliss....
On Thursday 05 August 2004 18:49, hellNbak allegedly wrote:
> On Thu, 5 Aug 2004 someone pretending to have a nmrc email addy wrote:
<snip>
>
> The only mistake you make above is that you paint the entire industry
> with the same brush. Yes, I and a lot of people make money in this
> industry. We took a hobby and made it a job -- why not? Why not get
> paid for something you enjoy. Working in this industry does not
> automatically make you a false prophet as you explain above.
>
> Over the long term -- no one will benefit -- and I don't care how big
> the paycheck is -- telling a client what they want to hear is not the
> way many of us choose to make a living. Sure, there are a lot of
> people in EVERY industry that are willing to push ethics aside and do
> what it takes for that paycheck but I know I can look myself in the
> mirror and say that I am not one of those people.
>
> Eventually the false prophets are exposed, sure they already got
> their paycheck and have moved on to the next sucker but eventually
> they run out of suckers and money.
>
> > What do you hope to achieve, or how do you believe your opinion is
> > being relevant or novel, if you come to this audience, and state
> > that CERT is no longer credible, and is a bunch of crooks who live
> > off selling advance vulnerability warnings? Or that Microsoft is
> > not exactly particularly devoted to improving security of their
> > products and protecting their customers?
>
> I hoped to stir some shit up, perhaps give the guys over at
> secure@...rosoft.com a bit of a kick in the nuts as there was a time
> that they were making at least a little progress. I was hoping to
> draw enough attention to this issue that perhaps someone from one of
> the major banks will one day sit down and correlate the connection
> between vulnerabilities such as this and losses due to fraud. The
> only way that any vendor is going to be forced to actually care about
> security and actually care about users is when those users mean lots
> of $$$ to them.
There just might be some hope . . . check out this white paper from PWC
on "Integrity-Driven Performance."
http://www.cfodirect.com/cfopublic.nsf/f19696b6432afb8b8525690a000c9f67/86a39deb761f514d85256e3f00641442/$FILE/PWC_GRC_WP.pdf
(URL might wrap). You can get it from Google if you search on
pwc_grc_wp.pdf . . .
Cheers,
/g