Anton Chuvakin wrote: >A huge improvement, isn't it? I'm not trying to be a wiseass, but we've all heard of countless "huge improvements" going on in computer security. Gargantuan sums of money have been spent. Yet I see no sign whatsoever of the situation improving, unless you're: a) a security consultant b) a pen tester c) someone who sells compliance-mandated security products Systems appear to be just as penetrable as they were 10 years ago. Data appears to be just as exposed as it was 10 years ago (it just shows up in the press now, whenever a customer database is dumped). Organizations appear to be just as clueless about what's going on in their networks as before. Etc. Let's enjoy it while we can. But sooner or later the bean-counters are going to come looking for all that return on security investment and all we'll have to show them is....? Well - the constant stream of disasters has to stop. mjr. _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Thu Mar 22 2007 - 08:36:40 PST