lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: jan.m.clairmont at citigroup.com (Clairmont, Jan M)
Subject: Response to comments on Security and Obscurity 

Valdis:
Ah so you wish to refine the clairmont-everhardt index of
security vulnerabilities? We are using fuzzy logic rigor.
So what would the formula be:

It would become Kletniek's Corollary to the Clairmont-Everhardt
Index of Security Vulnerability.

Kudos to you Valdis.8->

You are hereby awarded the Paladin of Security Award for Thoughtful
Reductionism  and all the rights and privileges that it entails.
8-> You may pick up your certificate at the nearest staples and 
right in your own recommendation for Paladin of Security Highest 
Achievement Award.

Or write me with a self-addressed stamped envelope I'll send you the 
certificate suitable for framing. Jan Clairmont, Paladin Security/MGO Consulting
					    112 Delaware St. Suite 2
					     New Castle, DE 19720

-----Original Message-----
From: Valdis.Kletnieks@...edu [mailto:Valdis.Kletnieks@...edu]
Sent: Thursday, September 02, 2004 10:39 AM
To: Clairmont, Jan M
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Response to comments on Security and
Obscurity 


On Wed, 01 Sep 2004 15:03:03 EDT, "Clairmont, Jan M" said:

> The Clairmont-Everhardt Index of potential Security vulnerability being equal 
> to the (Number of Computers)! * (Number of People using the systems)! * (Number of Ports)!
> * (the Lines of Code)! * (The number of Applications)! * (Number of Routers/Hubs)! 
> and any other factors you wish to include.

Given the "any other factors" clause, I won't ask what mathematically rigorous
reason there is to suspect that the factorial function is the proper one to use. :)

For starters, although our network has well over 2,000 routers/switches/access points,
the number that are directly impacting the security of the computer I'm typing on
is down in the several dozen range.  Similarly, one could make the case that it
should be "(number of computers)" and "(*AVERAGE* number of people per system)"
or a product of "number of users" times "number of systems each user has access to".

And so on....

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ