[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200506301818.j5UIIqMN018801@mira.taygeta.com>
Date: Thu Jun 30 19:59:09 2005
From: skip at taygeta.com (Skip Carter)
Subject: Re: Publishing exploit code - what is it good for
> I recently had a discussion about the concept of full disclosure with one of 
> the top security analysts in a well-known analyst firm. Their claim was that 
> companies that release exploit code (like us, but this is also relevant for 
> bugtraq, full disclosure, and several security research firms) put users at 
> risks while those at risk gain nothing from the release of the exploit.
> reluctant. Their claim was that based on their own work experience, a 
> security administrator does not have a need for the exploit code itself, and 
> the vendor information is enough. The analyst was willing to reconsider their
 
I think its a question of what the role of the 'security administrator' is within
the enterprise.  If their job is primarily threat evaluation and appropriate
patching/updating in response, then I agree that the publication of an exploit
is not very helpful.  If, however, the job is firewall/IDS management or
incident investigation, then having access to actual exploit code is
extremely valuable to have.
-- 
 Dr. Everett (Skip) Carter           Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Network Security Services   email: skip@...geta.net
 1340 Munras Ave., Suite 314         WWW: http://www.taygeta.net/
 Monterey, CA. 93940            
Powered by blists - more mailing lists
 
