There could be a number of things going on here. Part of it may be a
rationalization process whereby someone looks at the time and effort that
they would have to personally provide vs. the risk and likelyhood of a
security breach occuring or it having a negative impact and have decided
that its just not worth it. Mind you, I don't personally agree with this
approach nor do I even know for sure whether that is what is at work.
I once asked the Technical Support Manager of a data center what his
disaster recovery plan for his data center was and he told me that his
disaster recover plan was: if a disaster occurred, he would turn in his
resignation. His logic was that the risk of getting hit by a disaster
was low but the probability of him having to do a lot of work to develop
the plan was high, so....
**** cjolley @
net <Carl Jolley>
**** All opinions are my own and not necessarily those of my employer ****
On Fri, 28 Apr 1995, Bryan D. Boyle wrote:
> On Apr 27, 3:34pm, Larry Kealey wrote:
> > Subject: Re:TRUST US
> > Hmmmm, I do not believe I would like to risk the assets of my company to a
> piece of software
> > which has been reviewed by all the hackers out there. If they gave it the
> > housekeeping" seal of approval, I think I'm gonna stay as far away as
> Guess you aren't using satan or ISS or any other tools, eh?
> Question: do you trust your network to a security perimeter that some vendor
> tells you "trust us, we know what we are doing, and our code is perfect for
> your protection. You have our word on it." (with a Joe Isuzu smile...)?
> If so, I have some land I would like to offer you.
> IOW, it sounds like one should protect their network against what one imagines
> the threats are, rather than what are known as threats?
> I think any security professional owes it to their company to look at ALL
> methods, alternatives, and analyze the products properly. The fact that your
> 'enemies' have examined the same piece of software is irrelevant. The fact
> that 'hackers' have talked about the fwtk in their little circle and magazines
> and so forth is a credit in its favor, since it is viewed by that community as
> a credible and strong method of protecting the network perimeter, and one whose
> mechanism is reisitant to penetration.
> I don't see what the problem is...or am i missing something here?
> Bryan D. Boyle |The Moving Finger writes,and having writ, moves on.
> #include <disclaimer> |Nor all your Piety nor Wit can call it back to cancel
> EMAIL: bdboyle @
com |Half a line, or all your tears wash out a Word of it.