[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
- To: Kyle Creyts <kyle.creyts@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
- From: coderman <coderman@xxxxxxxxx>
- Date: Mon, 16 Jan 2012 19:48:03 -0800
On Wed, Jan 11, 2012 at 9:40 AM, Kyle Creyts <kyle.creyts@xxxxxxxxx> wrote:
> I would also like to point out that "finding the bugs" is not the same as
> "fixing the bugs," and that for all the focus that is placed on finding
> them, and lauding the people that do, fixing them is usually pretty
> thankless.
finding the bugs before a product or service is released is also
thankless. as is verifying that bugs are never re-introduced due to
carelessness or oversight.
implementing with robustness, vs. implementing with haste, also
thwarted & thankless pursuit in these times.
not a gap in knowledge or skill, but a gap in practice that dooms
infosec so many places.
> I think shifting that dynamic would be more rewarding if
> "advancing the state of the industry" is really what is valued.
keep up the good fight, sir!
... and don't hold your breath.
;)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/