Of hackers and ego
Don Parker, 2007-10-10

The world of computer security can often be a strange and compelling one. Many outsiders, or those with little knowledge of computers, just don’t understand the whole uproar over various issues, such as whether Microsoft Vista is more secure than Linux or Mac. It’s all moot as far as the general population is concerned. But, for those of us who work in the industry, it is just more grist for the mill.

Of hackers and ego: Agree (mostly) 2007-10-15
Dr. Neal Krawetz
Don Parker wrote, "you must also possess excellent business savvy and people skills."

I fully agree with this. The biggest problem is that security is a relatively new field. As such, prima donnas get as much face-time as experts with people skills. Moreover, the issue is not just the people finding the exploits; it is also the people who receive the reports. Too many companies don't want to hear about problems.

With regards to Michael Lynn... I only partially agree with you. While I believe that all parties involved could have handled it better, I believe that Lynn's choice of going public was the right thing to do. I spent 6 months trying to report a vulnerability to Macromedia before going public, and I spent 15 months trying to contact the "right people" in the credit card industry before making my point-of-sale vulnerabilities paper public. The question is not about timing or Lynn's social skills. In particular, you say that Lynn should have tried harder to work with Cisco. Perhaps it is Cisco that should have tried harder to work with Lynn. I do not believe that any additional effort by Lynn would have resulted in any change from Cisco. The question should be directed toward Cisco: why did they choose not to address the problem?

Copyright 2009, SecurityFocus