-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >That *shouldn't* be how security intensive situations work. Security > > can *not* be an afterthought based on consumer analysis when going > into a forum that is specifically security oriented. Security should > have been built into the product from point of conceptualization.
You are absolutely right! I will not argue this point at all. The only thing I will say is that product security is based on a process of evolution. My statement was intended to indicate that it is customer demand that drives the speed of that evolution. > Microsoft should not win a security bid because it might give them > "more incentive" to make a more secure product. If the product lacks > security the product should not be considered for secure solutions: > case closed. Thinking of this kind is only perpetuating the > problem and disconnecting our community from the solution. That is not the primary driver behind any of the statements made thus far. I am almost certain that this win for Microsoft will have very little to do with the well-defined roadmap for security improvements that has already been established. This of course relates to the observation made above. I in no way intended for the comments made to be interpreted as support for perpetuating a lack of security (in fact, my professional ethics would be quite suspect if I did ;-) > The thought process you present here is akin to giving an ex convict > a gun based on his word that he wont shoot you once he's got it. The > convict must prove that he understands the capability and consequences > of utilizing a weapon in a fashion that negates the fabric of > a society based on freedom and equality. This is the point at which we digress from the topic at hand and find ourselves casting unnecessary disparities. If that is your interpretation of the thought process presented than so be it. Thank you for your time and attention, ======================== Brad Bemis ======================== > -----Original Message----- > From: northern snowfall [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 16, 2003 12:29 PM > To: Brad Bemis > Cc: [EMAIL PROTECTED] > Subject: Re: [Full-Disclosure] Microsoft wins Homeland Security Bid ( > Reuters) > > > > > > > >>I would hope and think that this would give Microsoft > >>more incentive to make their products more secure from > >>the begging. I see this as possibly being a benefit to all of > >>us (hopefully). > >> > > > >Agreed! Customer demand is the only way that we as a community can > >influence the evolution of inherent security controls, > whether the target > >of discussion is Microsoft or any other product vendor. > > > That *shouldn't* be how security intensive situations work. Security > can *not* be an afterthought based on consumer analysis when going > into a forum that is specifically security oriented. Security should > have been built into the product from point of conceptualization. > > Microsoft should not win a security bid because it might give them > "more incentive" to make a more secure product. If the product lacks > security the product should not be considered for secure solutions: > case closed. Thinking of this kind is only perpetuating the > problem and disconnecting our community from the solution. > > The thought process you present here is akin to giving an ex convict > a gun based on his word that he wont shoot you once he's got it. The > convict must prove that he understands the capability and consequences > of utilizing a weapon in a fashion that negates the fabric of > a society > based on freedom and equality. > > Don > > http://www.7f.no-ip.com/~north_ > > > > > -----BEGIN PGP SIGNATURE----- iQA/AwUBPxWcyJDnOfS48mrdEQJ4qACeI+eonUNhWAU4Ukea2bY6Rrw6774AoJn9 iV4XKMUY6733rFZ1zUtnVLsB =Qj60 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
