The Curmudgeon's Crystal Ball: Security Predictions for 2003
Richard Forno, 2003-01-15

As we ring in the new year, it's in with the new and out with the old. Or is it? Our fearless forecaster thinks not.

The Curmudgeon's Crystal Ball: Security Predictions for 2003 2003-01-16
Anonymous (1 replies)
Understandable, but the wrong approach. 2003-01-20
Anonymous (1 replies)
I understand the frustration behind this post, but I think it's the wrong approach because it would punish responsible as well as irresponsible vendors.

By notifying the vendor first, two things happen:

- The vendor has time to respond.
- The security community has a stick (full disclosure) to punish the vendor with if the vendor doesn't respond.

This adds up to a pretty effective incentive for the vendor to react, and react quickly, to newly-discovered security holes.



Link to this comment: http://www.securityfocus.com/comments/columns/135/17850#17850
I got a good prediction for Forno. 2003-01-22
Tradeser (1 replies)
I got a good prediction for Forno. 2003-01-25
Rick Forno







 

Copyright 2009, SecurityFocus