On Fri, Oct 24, 2008 at 8:41 AM, Juha-Matti Laurio <[EMAIL PROTECTED]> wrote: > SANS ISC InfoCon meter is Yellow now > http://isc.sans.org/infocon.html
- why tell the bad guys you're frightened about them. - why frighten the good guys, and be frightened? - why rate threats to the public domain? why not keep it to yourself, it changes nothing apart from create a fear, and then all you have to fear is fear its self, when nothing may actually happen to you. i don't even think we should be rating vulnerabilities either, they should all be one of the same, we shouldn't rate terrorism threats or hacker threat vulnerabilities or security incidents. is it not obvious to each individual how important something is, and allow then to give it their own rate privately, and not have a rate of fear that we should all adhere to. there should be no public threat levels, keep them in side your organisation, don't outward show fear or fright, because then you've given in before you've even started. keep threat levels private, don't rate anything, not even microsoft patches on patch tuesday. all threats should be one of the same. everyone. not just sans, stop rating everything, treat everything one of the same thing. even if you have a threat level inside your organisation, don't outward face it publically. hackers, dont rate your vulnerabilities, vendors dont rate vulnerabilities, everyone don't rate anything publically. what do rates and threat levels do for us? would we be less off without them, would anything change if everyone suddenly stopped rating things publically? the world would be a better place without rates and threat levels, everything would be a lot calmer and laid back, there would be more peace. n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
