[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <411CDB5F.9020307@sdf.lonestar.org>
From: bkfsec at sdf.lonestar.org (Barry Fitzgerald)
Subject: (no subject)
Harlan Carvey wrote:
>Barry,
>
>
>
>One other thing I'd like to throw into the mix. This
>whole discussion is being viewed, it seems to me from
>the wrong perspective. The attitude that the entire
>A/V industry should have a common naming convention
>seems to be coming from the open source camp...while
>A/V companies aren't necessarily open source.
>Companies in general are about making money, and you
>do that through establishing and maintaining
>competitive advantages. Expending resources (ie,
>people, money, time, etc) on an endeavor to establish
>and maintain a common naming scheme is an expenditure
>that has very little (if any) ROI...it can't be
>justified to investors.
>
>
>
Agreed in general - though I'm not sure if it's an "open source" issue
specifically... I've known many Free Software/Open Source people who are
opposed to being held to standards bodies and "closed source" people who
are absolutely sticky about adherance to standards. Both perspectives
have their downsides. Nonetheless, that's a nitpicking issue -- your
primary point is absolutely correct: You can't enforce it; They don't
want to do it (and I'm inclined to think they probably shouldn't want to
do it -- it's sort of like telling someone that they have to name their
kid a certain way so that others can pronounce their name); the problem
must be solved some other way.
>How are A/V companies competitive? They identify and
>analyze malware, and update their products. Doing it
>faster and better than the next guy is the key.
>Slowing that process down to coordinate with other
>companies dissolves the advantage. Let's say I
>discover a piece of malware, and call a round table
>meeting...only to find out that none of the other
>members have discovered the malware yet. My advantage
>goes bye-bye.
>
>
>
>
I think that the problem is being looked at as an industry policing
issue when it's really an informational issue.
By this I mean that the issue is in how the information on said malware
is distributed and "digested" by the masses. If there were a central
information repository to go to for all of the advisories and for a
combined write-up, it'd reduce some of the confusion.
It wouldn't cost the AV vendors a thing because it would be a seperate
organization. The trick would be funding. Starting a small site is one
thing, but a site of this magnitude would have to be funded somehow. Ad
revenue probably wouldn't be enough for the
bandwidth/equipment/man-hours to put something like this together...
-Barry
Powered by blists - more mailing lists