| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <242a0a8f0612240643j6f0560a0yf99705488121fbed@mail.gmail.com> Date: Sun, 24 Dec 2006 09:43:01 -0500 From: "Brian Eaton" <eaton.lists@...il.com> To: "Michael Zimmermann" <zim@...aa.de> Cc: full-disclosure@...ts.grok.org.uk, websecurity@...appsec.org Subject: Re: comparing information security to other industries On 12/24/06, Michael Zimmermann <zim@...aa.de> wrote: > are the computer systems at large nowadays more secure than > - say - ten years ago? Some systems are. But not because the software has gotten any better. Organizations have gotten better at defense-in-depth. Consider patch management systems. A decade ago, most companies barely had one at all. Today, companies are evaluating, verifying, and pushing out patches within days of their release. More networks are isolated behind firewalls, and lots of workstations are using host-based firewalls. Even the low-end consumers have gotten better at this: lots more people are using SOHO routers with firewalls instead of a cable modem with a wide open internet connection. The attackers have gotten better as well. But even when the attackers successfully exploit a new vulnerability, organizations are better prepared to deal with the consequences. You might see another codered type vulnerability in IIS, but there is no way it would do as much damage as the original worm. Regards, Brian _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists