RE: [Full-Disclosure] Authorities eye MSBlaster suspect

["Chris DeVoney" <cdevoney@u.washington.edu>]

On Friday, August 29, 2003 8:24 AM, Charles Ballowe wrote:
> Interesting -- the net cost of the worm is actually a net 
> $0.00. For every penny that a company chalks up as a cost to 
> the worm, some other company must be chalking up the cost as 
> a profit from the worm. 

Forgive the comment, but that statement is very untrue. As someone else
hinted, companies are diverting manpower from other projects to tackle the
worm. No other company is benefitting from that expenditure.

Then there is the case of academic and medical establishments, of which I
can speak from experience. There were some additional costs in hiring
contractors. But the biggest cost was the diversion of (my estimate)
hundreds of man-weeks to analyzing, patching, remediating, mitigating these
worms from other projects. That wasn't money lost, that was time lost. And
the faculty, staff, students, and everyone who depends on that work loss.

I won't go into fuller details, but because of the heavy dependence of
computing in biotechnology and medical fields, these worms and other
security problems have a larger societial cost. Most university medical
research comes from fixed grants. When you are always trying make those
limited resources stretch, diverting money and time to nonsense like this is
very, very frustrating. These problems do delay medical research and adds to
the cost of medical research without giving human benefits. 

I wish these misceates would consider those implications before converting a
lab server into a warez server when they get hit with a leading-edge or rare
illness. 

cdv

------------------------
Chris DeVoney
Clinical Research Center Informatics
University of Washington
cdevoney@u.washington.edu
206-598-6816 
------------------------






_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html