> > Perhaps the Feds (and maybe states) could use their purchasing power > > to effect change. Short of that, or regulation, the I don't see how > > the serious issues we have with the 'net will get resolved. > > I suppose that the "problem" is likely that people don't understand > > what a nice actually well-written worm could/would do if it were > > targeted at the infrastructure. > > People do. I've been beating this particular horse for a while now, > and we are starting to deploy the capex hammer. I suggest others start > to do the same. See my presentation at the eugene nanog.
So what's a good place to look for security requirements in RFPs for hardware/software vendors ? Thanks. Rajesh.