I would tend to agree with Mr. Levy, in that the traditional meaning of a "backdoor" implies both intent and subterfuge, among other things. This is not the equivalent of a "default password", even though the potential outcome of exploiting either vulnerability is roughly the same.

What we are lacking here is a common lexicon, that could provide clear definitions for these, and other, ITSEC terms. Was there not a bugtraq related project that sought to do just this, provide a common set of definitions for terminology related to vulnerabilities?

Further to this question, I would like to see us derive some more "professional" sounding terms for things like "back doors". If we are going to develop ITSEC into a serious profession, we really need to dispense with the "geek speak", and at least attempt to sound serious about our work!

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/25/1599#1599