> -----Original Message-----
> From: sockz loves you [mailto:sockzat_private]
> Sent: 07 November 2002 10:13
> To: full-disclosureat_private
> Cc: vuln-devat_private; vulnwatchat_private;
> bugtraqat_private
> Subject: [Full-Disclosure] Security Industry Under Scrutiny: Part One
>
>
> Hello Full-Disclosure.

*snip the rest - it goes downhill from here*

Well Sockz, you've made some interesting points, although I would have to admit that there is at least as much noise in your posts as anyone else's, if not more.

This would be a good time to give a far more reasoned argument for Full Disclosure than the one you have given, even if you are a troll or flame-baiter. I shall make two important points, the historical basis for Full Disclosure and comparisons with other parts of life (there is more to life than computers, so my wife tells me...)

First of all, is there any historical basis for Full Disclosure? Yes, and I'll give the example of the translation of the Bible into English. At the time it was opposed by the church of Rome because they would lose their power over the people. They could read for themselves that salvation didn't come through the church or even its traditions (A modern day equivalent would be what Microsoft and others are attempting with Palladium, ie you trust us to supply you with "good" code, everyone else's is "bad"! That is a swipe at Microsoft in case anyone thinks otherwise). Now we have thousands of weird cults with all kinds of odd beliefs (eg the Wacko from Waco) based on various misinterpretations of scripture. Should we revert to the old system, where there was only one church and people were told what to believe? Clearly there are disadvantages and advantages to allowing people to find things out for themselves. The situation with information about computer systems is much the same today. Do we trust one mega-corporation to tell us what it wants us to believe, or do we trust each other to share information to benefit each other with the risk that someone might abuse it?

Second, can you compare this to other parts of life? Would you oppose someone making public the problems with Ford Explorer tyres, as this would "inconvenience" Ford into making safer tyres? Would you prevent the sale of Swiss Army knives on the grounds that someone could injure another person? Would you censor the media so that only state-approved information would get published? Some countries still do that, but we don't consider them free.

Of course, here in the UK we're into banning everything. We banned handguns nationally (thus losing ourselves Olympic medals) because one mad person slaughtered an infant school class (I have a young boy in infant school, so don't think I'm completely heartless, nor would I wish a gun culture like the US which is depopulating that country at an alarming rate). We banned any sharp instruments on planes even though you can probably do much more harm with a tray table (not that I've tried).

I spend most of my working day on security issues, that is very inconvenient to me, but what would be more inconvenient would be a system that was attacked and I was completely ignorant as to how it was done.

There is nothing wrong with the security community that is any different to the rest of mankind. (personkind for the PC). If anything, more transparency like the Full Disclosure list is needed as those intent on damage are already trading their information through other means. Unfortunately vested interests have taken over some of the security lists so that only information that makes the owners look good gets out (you know who you are).

I once heard it said that real freedom is the freedom to do what is right, which of course requires knowledge in the first place.

-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Aireyat_private

If we could learn one thing from September 11th 2001, it would be the utter absurdity of moral relativism.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

This archive was generated by hypermail 2b30 : Thu Nov 07 2002 - 03:36:23 PST