[Full-disclosure] Fwd: Re[2]: [Dailydave] Security people are leaches. [sic]
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Fwd: Re[2]: [Dailydave] Security people are leaches. [sic]
- From: Thierry Zoller <Thierry@xxxxxxxxx>
- Date: Tue, 11 Aug 2009 17:14:51 +0200
As Dave seems to have his ongoing NZ filtering going on
again on the DailyDave list, I post it here.
Does anybody want to create a list mirroring DD but letting replies through
even if those are against your views?
===8<=================== Original message text ===================
Hi Aaron,
>The 'shades of grey' only exist to security people.
Define "security people"? A complete branch of corporate risk
management is formed of "security people". So does this make it "less
of a problem"?
>To no one else is it important
>that a bug disclose information, allow invalid root access, or escalate
>privileges.
You obviously have not worked with or within a company that has to
balance all sorts of risks. If a kernel bug is slipped upstream
because it was not properly marked as a security issue, it means
potential loss. So since when is losing money "only important" to
"security people"? Security = Risk of loss, and Sir this is important
for everybody in the company.
I am astounded how narrow-minded some developers have become. Some
apparently never see the complete picture of how a business operates,
how potential risks/losses are mitigated and how this impacts the
developers. SDL training seems to need an introduction on the
fundamentals of security, operational and others. A bird's-eye view,
maybe if the interconnections are understood some will understand why
it is important.
It's not a technical issue - at all.
PS. Dave - I am not writing comments for you to send to dev/null, I
consider my time more useful.
--
http://blog.zoller.lu
Thierry Zoller
===8<============== End of original message text =============
--- Begin Message ---
- To: Aaron <apconole@xxxxxxxxx>
- Subject: Re[2]: [Dailydave] Security people are leaches. [sic]
- From: Thierry Zoller <Thierry@xxxxxxxxx>
- Date: Fri, 21 Aug 2009 12:20:49 +0200
--- End Message ---