[Courses] [Security] Inside Attacks
Jenn Vesperman
jenn at anthill.echidna.id.au
Wed Mar 27 21:15:32 EST 2002
On Wed, 2002-03-27 at 09:38, Raven, corporate courtesan wrote:
> <opinion-filled rant> I completely fail to see the point of
> this. After all, the person who found the hole didn't have to notify
> the company. Most of them won't. If someone wrote me with a "hey, look
> at this" about my company, I'd be really grateful that I was made aware
> of the problem (and then, really paranoid about how long it had been
> there without me knowing). You bet I'd be using Tripwire or something
> to check the integrity of my data. But I think killing the messenger is
> self-defeating -- who's going to tell you about your problems then? No
> matter how good one sysadmin is, you can't find every hole or notice
> every problem. I think that a responsible method of disclosure should
> be encouraged and rewarded, not punished. </opinion-filled rant>
>
Some people have a 'thing' about being proved to be wrong, or a 'thing'
about making mistakes. They just can't accept it, and tend to blame the
person bringing the mistake to their attention - or anyone else they can
find.
Personally, I think that trait alone can make a person incompetent to do
anything where they must be trusted to do things right. I'd rather have
things done by someone who can say 'Oh? Did I get that wrong? Fine, I'll
fix it. Thanks for telling me.'
<sarcasm>
But what do I know? I don't have a Masters of Business, I can't know
anything.
</sarcasm>
(there are people who seem to think that way. Grah.)
Jenn V.
--
"Do you ever wonder if there's a whole section of geek culture
you miss out on by being a geek?" - Dancer.
jenn at anthill.echidna.id.au http://anthill.echidna.id.au/~jenn/
More information about the Courses
mailing list