lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: xploitable at (xploitable)
Subject: [SPAM] Re: Full-Disclosure Posts

On Mon, 18 Oct 2004 07:23:56 +0200 (CEST), Hugo van der Kooij
<> wrote:
> Companies do not care about security. The CEO only works with numbers. If
> bad security losses 100k per month but tightening things up loses 105k per
> month on productivity they take the 5k per month profit regardless of who
> is doing security and leave it open.
> It has very little to do with attitude on the security staff. If you want
> to work corporate you need to understand corporate thinking.
> Taking simple countermeasures to prevent damagae from things like a
> Slammer Worm are laughed at untill they get hit and loose 2 days worth of
> business. Then they start screaming to get it installed yesterday.
> You do not have to like it but that is the sad state we are in.
> Hugo.

It stinks and wish it would change.. I guess it never will and corps
will choose money over security, but still look suprised every time
Yahoo! get hacked in one way or another, but will still insist to
journalists that they were doing everything they could for security.

Don't trust the hype and corporate smart talk, the reality is far grimmer.

Powered by blists - more mailing lists