[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Authorities eye MSBlaster suspect

To: morning_wood <se_cur_ity@hotmail.com>
Subject: Re: [Full-Disclosure] Authorities eye MSBlaster suspect
From: Valdis.Kletnieks@vt.edu
Date: Fri, 29 Aug 2003 19:13:50 -0400

On Fri, 29 Aug 2003 14:46:32 PDT, morning_wood said:
> >And has it occurred to you that *MAYBE* his "high paying job" would
> >be more productive if he wasn't spending most of his time having to deal with
> >people breaking in, either proactively or reactively??
> 
> that is his job

You're totally missing the point.

If I'm doing security 30 hours a week, that's 30 hours a week I'm not available
for other things.

That's 30 hours I'm not spending helping do network performance tuning for the
mail server.  I'm sure the 70,000 users of the mail server would prefer that
I was able to do that instead.

That's 30 hours I'm not spending designing a new, more featureful print
management system.  I'm sure the people who get print jobs that we need
to keep running (accounts receivable, invoices, purchase orders, etc) would prefer
I was able to do that instead.

That's 30 hours I'm not spending diagnosing compiler and kernel bugs.  I'm sure
the researcher who has a $2M grant project dead in the water would prefer I was
able to do that instead.

That's 30 hours I'm not spending working on a way to migrate users from Windows to Linux.
I'm sure the people who are looking at a $500K/year bill for Microsoft licenses (and want
a way to save money) would prefer I was able to do that instead.

That's 30 hours I'm not spending deploying a new release of Listserv that has
features that my users are asking for.  I'm sure that many of the users on our
6,023 lists would prefer I was able to do that instead.

You starting to see a pattern here?

And yes, those are *ALL* things that are *part of* "my job".  Many of them are
things I'd enjoy doing more.  All of them are things that would provide more *direct*
benefit to my site than "doing security".

And you can't weasel out by saying "Hire somebody else to do that other stuff"  or
"hire somebody else to do security" - the point is that if we did hire somebody else,
then we'd only have 1 person of the 2 available for productive work.  If we didn't
have to keep spending resources on security, BOTH people would be available then.

PGP signature

Follow-Ups:
- Re: [Full-Disclosure] Authorities eye MSBlaster suspect
  - From: Paul Schmehl <pauls@utdallas.edu>
- Re: [Full-Disclosure] Authorities eye MSBlaster suspect
  - From: Byron Copeland <nodialtone@comcast.net>
- Re: [Full-Disclosure] Authorities eye MSBlaster suspect
  - From: Darren Reed <avalon@caligula.anu.edu.au>

References:
- RE: [Full-Disclosure] Authorities eye MSBlaster suspect
  - From: "Chris DeVoney" <cdevoney@u.washington.edu>
- Re: [Full-Disclosure] Authorities eye MSBlaster suspect
  - From: "morning_wood" <se_cur_ity@hotmail.com>
- Re: [Full-Disclosure] Authorities eye MSBlaster suspect
  - From: Valdis.Kletnieks@vt.edu
- Re: [Full-Disclosure] Authorities eye MSBlaster suspect
  - From: "morning_wood" <se_cur_ity@hotmail.com>

Prev by Date: Re: [Full-Disclosure] Authorities eye MSBlaster suspect
Next by Date: RE: [Full-Disclosure] Authorities eye MSBlaster suspect
Prev by thread: Re: [Full-Disclosure] Authorities eye MSBlaster suspect
Next by thread: Re: [Full-Disclosure] Authorities eye MSBlaster suspect
Index(es):
- Date
- Thread