I would think if Lamo had good intentions he would not ever tell anyone but the company about the problems he encountered. The fact that this article exists in Security Focus indicates that he went straight to the media.

Someone mentioned that security professionals with certifications are clueless. The problem isn't usually clueless security professionals, it's the large corporations in which they have to work. Time to market usually takes priority over security in most large corporations, and security professionals have to fight for the security that they are allowed to put in place. People who work in small companies that have complete control over all of the systems in the network have a better opportunity to put security measures in place, and probably have a hard time understanding the challenges faced by security professionals in large corporate environments, certifications notwithstanding.

The reputation of a company is often more valuable than its assets, and if Lamo were really "just trying to help" he wouldn't destroy the company's reputation so readily just to boost his own.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/340/10763#10763