Industry Fears the Red Pill
Richard Forno, 2001-08-30

The security community must choose between the red pill of full disclosure or the blue pill of security through obscurity.

Right on! 2001-08-30
Odium Devonix (aka Hatred)
Bad analogy? 2001-09-03
Coldman
Excessive assumptions lead to inaccurate results 2001-09-03
Anonymous
This article was no doubt based on one perspective, and targeted one audience. Unfortunately, it is an outcry by corporate businessmen trying to profit off someone's hobbies. Truth is, not everyone deserves to be informed of everything, and of course not everyone can handle it. Just look at national security - do you really think you hear _everything_ that goes on?
Not to mention the assumptions and stereotyping that were flagrant throughout that column. Security through obscurity exists in many forms and is perceived in different ways by a variety of different people (and for important reasons). Personally I am tired of seeing the same whining from some unhappy person trying to benefit for free from other people's research and discovery. It really is about time we all mature and learn that this constant whining and bickering takes us nowhere. In this columnist's "perfect" world, full disclosure would be inevitable, but of course there are risks involved, and it no doubt requires a medium to be reached between full and non-disclosure. Then there will be those who are outside the bell curve, if you like. Those who he wrongly categorised as intrusive attackers - once again poor stereotyping leads the entire security community astray. If one discovers a bug, he/she is under no obligation to report anything to anyone; it is not the client's responsibility at all, and thus should not
I could rant on for ages, but the point is most people are not getting it. If you had proper security mechanisms in place, and spent enough time reading up on the plethora of information about vulnerabilities, NIDS/HIDS, prevention methods, secure coding, ... (split amongst a network engineer, management, outsourced partner etc.) then you could at least be sure you have stopped the good majority of intruders. Of course no one is 100% safe, and there never will be - NOT EVEN WITH FULL DISCLOSURE.

Please understand this, and although it is hard to change someone's mind altogether, the least I ask is for YOU to contemplate what I have said.

Full Disclosure 2001-09-03
H Carvey <keydet89@yahoo.com>
The red pill 2001-09-06
Dave Hudson (1 reply)
The red pill 2001-09-17
abaximus <pr0digy26@hotmail.com>

Copyright 2008, SecurityFocus