VK, Obviously there are more than a few whitehats that can't actually do any real work (redundant?). Who evidently want to keep the FUD to manageable levels for job security reasons. By the way: if you find security boring it might be time to switch hats...
-Travis On Thu, Jul 9, 2009 at 4:49 PM, <valdis.kletni...@vt.edu> wrote: > On Thu, 09 Jul 2009 15:12:01 EDT, T Biehn said: >> At first I was confused that a whitehat was decrying fear-mongering. >> Then I realized; Whitehats love fear mongering but with some finesse, >> lest anyone become fearful enough to actually create/implement secure >> software/systems. > > I hope you realize that a fair number of whitehats actually *do* want people > to get fearful enough to actually create secure stuff, because the more secure > deployable stuff that's out there, the less time we have to spend on security. > A lot of us have more job responsibilities than just security, and for us, > it's a lot more gratifying to spend a day doing something that enables a user > to get more done, than spending a day doing things that usually result in > a user being able to get *less* done. > > Quite frankly, if every computer system suddenly became secure, I'd not be > out of a job. There would still be a quarter acre of supercomputers and > servers and petabyte-scale disk systems across the hall, in need of all the > other things a sysadmin needs to do besides just security. And most of those > are more *fun* than security, too. > > Besides, I can get more bragging rights out of "I helped build the third > fastest supercomputer in the world" than I can from "the third most secure > computer". > > :) > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/