Re: [Full-disclosure] [WEB SECURITY] comparing information security to other industries
That's a tough question to address. I don't think the security industry
will achieve perfection any more than the other industries you listed.

Like the other disciplines, research continues, but so does the evolution
of threats. Construction and engineering are plagued with their own sets
of challenges that must be overcome.

Buildings can be engineered and constructed with a high degree of
confidence, but a good, strong storm or earthquake can still bring them
down. Security is the same in that sense.

We can evolve our knowledge and implementations, but a good, strong
storm (or careless error) can bring it all down :-)

My 0.02

Will

________________________________

From: KT [mailto:ktriv3di@xxxxxxx]
Sent: Tuesday, December 19, 2006 2:16 PM
To: full-disclosure@xxxxxxxxxxxxxxxxx; websecurity@xxxxxxxxxxxxx
Subject: [WEB SECURITY] comparing information security to other
industries
So we have been dealing with information security for the last 20 years and
still the world at large is lost. We still see banks vulnerable to
trivial XSS attacks and software broken by buffer overflows. How do we
compare to other industries like construction, engineering, finance?
What I am trying to figure out is how mature we are and how long it will
take to get stable?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/