"Arnold G. Reinhold" <[EMAIL PROTECTED]> writes:
> My other concern with the thesis that finding security holes is a bad
> idea is that it treats the Black Hats as a monolithic group. I would
> divide them into three categories: ego hackers, petty criminals, and
> high-threat attackers (terrorists, organized criminals and evil
> governments). The high-threat attackers are likely accumulating
> vulnerabilities for later use. With the spread of programming
> knowledge to places where labor is cheap, one can imagine very
> dangerous systematic efforts to find security holes. In this context
> the mere ego hackers might be thought of as beta testers for IT
> security. We'd better keep fixing the bugs.

This only follows if there's a high degree of overlap between the bugs
that the black hats find and the bugs that white hats would find in
their auditing efforts. That's precisely what is at issue.

-Ekr

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
