| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <m2wf37852831004221708qdeafd3cbq427036335d394756@mail.gmail.com> Date: Thu, 22 Apr 2010 17:08:16 -0700 From: Mike Hale <eyeronic.design@...il.com> To: Christopher Gilbert <motoma@...il.com> Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>, security-basics@...urityfocus.com Subject: Re: Compliance Is Wasted Money, Study Finds Their conclusions are based, IMO, on a flawed methodology. With some conservative assumptions, the paper indicates that companies actually spend 50% of their budget protecting secrets versus 20% on complying with external regulations. I wrote up a more thorough response which I'll post in a few days when I've proof-read it some more. On Thu, Apr 22, 2010 at 4:48 PM, Christopher Gilbert <motoma@...il.com> wrote: > The paper concludes that companies are underinvesting in--or improperly > prioritizing--the protection of their secrets. Nowhere does it state that > the money spent on compliance is money wasted. > > On Wed, Apr 21, 2010 at 5:44 PM, Mike Hale <eyeronic.design@...il.com> > wrote: >> >> I find the findings completely flawed. Am I missing something? > > -- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists