n3td3v wrote:
Hey, I believe it's right to tell someone when they're wrong and give them credit when they're right... and although I disagree with some of your conclusions, I have to say that you've got a good point here.On 5/10/06, Juha-Matti Laurio <juha-matti.laurio@xxxxxxxx> wrote:threat meters:Seriously, threat meters are a waste of time and should be scraped by all.
About all that these threat meters do is drum people into action. That is, deep down, a good thing, but it's something that people should be careful with. Computers, and in particular computer security, is something that many people think is magic. An organization that is not well mitigated and is not vigilant is as likely to get cracked into during a high threat level as it is at a low threat level... the threat meters do give people a false sense of security and a false sense of fear and really do only measure paranoia.
Now, that's not to say that they don't have a use, but like all tools if it's misused, the results will not necessarily be good. Something to keep in mind.
-bkfsec
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/