On Thu, 12 Jan 2006, Martin Hannigan wrote:
> If we accept the "clue" problem as the solution, I think we > accept the fact that we condone the vendor not having secure > solutions. That may be fine for our new colleague the 'security vendors should always, or be beatten about the head/shoulders when not, put out secure products... always. > engineer', but it's not good for the Internet as a whole and it > distracts us from the work of making it work. > how is it better for security engineers? it's hell, every 3rd month a new 'default passwd' often on a 'security' device :( talk about stupid :( > Offering tutorials at NANOG is a great effort towards the > clue issue, but maybe we should offer vendors tutorials on > the inverse? > Some vendors have asked and received this sort of thing, does huwei (which I butchered the spelling of) want one? (or need one?) how about netgear and their lovely NTP issue? or checkpoint or ... there are quite a few vendors out there, some even attend NANOG. If they listened to their customers I suspect they'd hear: "I want a secure platform!" quite loudly.
