lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1167214354.5129.36.camel@k7.khidr.net>
Date: Wed, 27 Dec 2006 11:12:34 +0100
From: Michael Zimmermann <zim@...aa.de>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: [WEB SECURITY] Re: comparing
	information	security to other industries

Hi Andre and list,

Am Montag, den 25.12.2006, 04:18 -0700 schrieb Andre Gironda:

> here's a disturbing question - when is law enforcement going to mature
> to the point where there is no crime?

Law enforcement and crime have a common cause,
hence one is not going to win over the other ever.

Same is true for bad coding practises and "follow the money"
projects. They create each other to a certain degree.


Our problems cannot be solved only within the 
realm of earning money and selling products.
We need to look deeper and look at what we
are doing to intensify the problems or what 
we could do to lessen them - in our personal
daily environment.

The actual situation is at it is, that cannot
be changed now, the only thing we can change
- perhaps - is what we do and don't do today.


I think, one possible way to improve the situation 
is to follow the money to a lesser degree. In our
own job as well as in our role as a customer.
Ready for that? Ready to live with less money?

Ready to do more for others and get less for yourself?

Ready to support an open source product with your
own unpaid work - or to support it with your money?
Why not an open-source system you are using anyway
or would like to use, if it only existed?


And of course we must be willing to put more time 
into quality-ensuring work of which good documentation
is an important part. Many IT-professionals I know
try to avoid both.


We cannot demand a matured IT if we don't grow up
ourselves first. And if we do, then the IT will
mature around us more or less naturally.



Michael

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ