[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Vulnerability Disclosure Debate
- To: "Mike Fratto" <mfratto@nwc.com>, "'Matthew Murphy'" <mattmurphy@kc.rr.com>, "'Full Disclosure'" <full-disclosure@lists.netsys.com>
- Subject: RE: [Full-Disclosure] Vulnerability Disclosure Debate
- From: "Jason Coombs" <jasonc@science.org>
- Date: Fri, 8 Aug 2003 15:43:44 -1000
Hmm.
A lock is a permissive measure, to permit you to more easily enter a room, for
instance, without having to destroy a portion of one of its four walls. The
lock is installed in a door. The door is a vulnerability. The lock attempts to
compensate for the door vulnerability. Without the lock the door can be opened
by anyone. With the lock the door can also be opened by anyone who has a foot
attached to a leg and the ability to apply it in a forward kicking motion. The
only difference is that the broken door leaves evidence of the intrusion. The
lock forces the application of destructive force or use of a circumvention
technique. The lock does NOT change the security level of the room, because it
still has a door vulnerability.
I'm pretty sure this is not wrong thinking, and thus my previous comments,
which I stand by after having re-read them.
-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com]On Behalf Of Mike Fratto
Sent: Friday, August 08, 2003 10:22 AM
To: jasonc@science.org; 'Matthew Murphy'; 'Full Disclosure'
Subject: RE: [Full-Disclosure] Vulnerability Disclosure Debate
> > with a lock, the primary purpose of it is
> > security -- it has no other purpose.
>
> Everyone gets this wrong.
Including you. :)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html