On Oct 26, 2012, at 11:19 AM, paul vixie wrote: > this sounds like a new application of 'the chemical polluter business model'.
There's more to it than that, though. It's important to understand that those who are purchasing and deploying network gear often are nonspecialists, and so frustrations, project delays, etc. would crop up in the customer organizations - who would then complain vociferously to the network infrastructure vendors and/or simply switch to a vendor which didn't enable anti-spoofing as a default. Time and time again, it's been demonstrated that most human beings are simply incapable of/uninterested in properly assessing abstract risk models. This is why nobody really cares about security except when they've been hit, and even then, only for the immediate duration of their distress - and to be fair, the capex and opex savings of playing the odds and simply ignoring security risks often ends up as a net positive, from an economic perspective. ----------------------------------------------------------------------- Roland Dobbins <[email protected]> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
