Taken from Bruce Schneier's excellent CRYPTO-GRAM http://www.counterpane.com/crypto-gram.html

There are a couple of dozen new vulnerabilities each week in major software products....

Last month I complained that Microsoft is prohibiting services like BugTraq from reposting its security advisories....

From: "Penafiel, Cathy"
Subject: Marcus Ranum's essay on the Window of Exposure

In my experience working on a large government contract, it is very difficult to get patches/tools into operational computer systems.....

A little-discussed fact of computer security is that minority products are more secure than popular products for the simple reason that there aren't as many exploits for them.

The Citadel model basically says: "If you have this stuff and do these things, you'll be safe." The Insurance model says: "Inevitably things will go wrong, so you need to plan for what happens when they do." In theory, the Citadel model is a much better model than the pessimistic, fatalistic Insurance model. But in practice, no one has ever built a citadel that is both functional and dependable.
