Re: Scanners and unpublished vulnerabilities - Full Disclosure

From: R. DuFresne (dufresne@sysinfo.com)
Date: 05/29/02


Date: Wed, 29 May 2002 01:59:54 -0400 (EDT)
From: "R. DuFresne" <dufresne@sysinfo.com>
To: Raju Mathur <raju@linux-delhi.org>


There's one point I think has not been fully looked at in this
discussion; folks have walked around it but avoided a direct hit on it:

over time, with more closed-mouthed and kept-to-the-breast vulnerability
information, and less open full disclosure, it requires companies to buy
from so many vendors and maintain so many products to monitor the
perimeter and inside borders, and forces folks to use so many different
scanners, that the amount of data to sort through might well become a
real pain, and KISS soon flies out the window. That makes the chances for
error rise dramatically, with costs for all the products required to monitor
all the potential exploits that each package is only partially geared to
deal with.

It does seem a shame that the info-sec industry is so bent upon the bottom
dollar and vulture capitalists that the IT community as a whole might well
suffer due to niche carving within it, yet it's been bound to happen...

Thanks,

Ron DuFresne

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

testing, only testing, and damn good at it too!

---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
