lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <6158bb410812050532l5aaa026dofd91f6906cd351f6@mail.gmail.com>
Date: Fri, 5 Dec 2008 08:32:44 -0500
From: Ureleet <ureleet@...il.com>
To: n3td3v <xploitable@...il.com>
Cc: full-disclosure@...ts.grok.org.uk,
	"Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu>
Subject: Re: Project Chroma: A color code for the state
	ofcyber security

i think that color rating is pretty much retarded w/out sumthing 2
back it up.  if there is a reason to raise it, then fine, but keeping
the color at 2 (iss) or yellow (symantec) all the time doesnt do
anything.  its like the homeland security colors in teh united states.
 if its at yellow all the time, yellow becomes teh new green.

On Thu, Dec 4, 2008 at 11:10 PM, n3td3v <xploitable@...il.com> wrote:
> On Fri, Dec 5, 2008 at 3:59 AM,  <Valdis.Kletnieks@...edu> wrote:
>> On Fri, 05 Dec 2008 03:48:49 GMT, you said:
>>
>>> answer that on this list? A sweeping guess would be red for danger,
>>
>> No, if you sell security products, you *dont* want it to be red, because
>> that gives the impression that your already-deployed sales aren't doing
>> a good enough job of stopping the badness.
>>
>> "It's RED, buy our product."
>> "Why? If your product actually *worked*, why should it be RED?"
>>
>
> I'm coming to the conclusion that most folks benefit from it being at
> a moderate level, between green and amber. They can flick it between
> the two and not get into too much trouble, while keeping observers
> stimulated with interest?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ