| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: capegeo at opengroup.org (George Capehart) Subject: Re: MS04-025 - Ignorance is truly bliss.... On Thursday 05 August 2004 18:49, hellNbak allegedly wrote: > On Thu, 5 Aug 2004 someone pretending to have a nmrc email addy wrote: <snip> > > The only mistake you make above is that you paint the entire industry > with the same brush. Yes, I and a lot of people make money in this > industry. We took a hobby and made it a job -- why not? Why not get > paid for something you enjoy. Working in this industry does not > automatically make you a false profit as you explain above. > > Over the long term -- no one will benifet -- and I dont care how big > the paycheck is -- telling a client what they want to hear is not the > way many of us choose to make a living. Sure, there are a lot of > people in EVERY industry that are willing to push ethics aside and do > what it takes for that paycheck but I know I can look myself in the > mirror and say that I am not one of those people. > > Eventually the false prophets are exposed, sure they already got > their paycheck and have moved on to the next sucker but eventually > they run out of suckers and money. > > > What do you hope to achieve, or how do you believe your opinion is > > being relevant or novel, if you come to this audience, and state > > that CERT is no longer credible, and is a bunch of crooks who live > > off selling advance vulnerability warnings? Or that Microsoft is > > not exactly particularly devoted to improving security of their > > products and protecting their customers? > > I hoped to stir some shit up, perhaps give the guys over at > secure@...rosoft.com a bit of a kick in the nuts as there was a time > that they were making at least a little progress. I was hoping to > draw enough attention to this issue that perhaps someone from one of > the major banks will one day sit down and correlate the connection > between vulnerabilities such as this and losses due to fraud. The > only way that any vendor is going to be forced to actually care about > security and actually care about users is when those users mean lots > of $$$ to them. There just might be some hope . . . check out this white paper from PWC on "Integrity-Driven Performance." http://www.cfodirect.com/cfopublic.nsf/f19696b6432afb8b8525690a000c9f67/86a39deb761f514d85256e3f00641442/$FILE/PWC_GRC_WP.pdf (URL might wrap). You can get it from Google if you search on pwc_grc_wp.pdf . . . Cheers, /g
Powered by blists - more mailing lists