I wonder if someone writes down all that pseudo-intellectual philosophical bullshit that is so carefully crafted by FD members (myself included)? Maybe I should: ??? Profit
-Travis

On Thu, Jun 24, 2010 at 5:45 AM, Walter van Holst <[email protected]> wrote:

> On Thu, June 24, 2010 11:08, [email protected] wrote:
>
> >> The answer to that kind of question is quite often related to the
> >> industry average. For example no more failures than one standard
> >> deviation below the industry average.
> >
> > Ahh.. but that doesn't really help either. Consider that not all
> > failures are created equal. Should a failure to detect some unknown
> > basically harmless strain that's only been seen on 4 machines in
> > Zimbabwe count the same as failing to notice that a machine is still
> > infected with Code Red or something that's virulent and malicious and
> > on a very large current burn? Do you even care it didn't detect the
> > Zimbabwe strain your machine has never been exposed to?
>
> Of course any way of measuring it will be fundamentally flawed in
> certain ways. There is always that pesky 80/20 or 90/10 rule. And you
> can of course figure out a way of correcting for corner cases, but
> that will only create additional corner cases. That's what makes
> lawyering on product liability a craft at best and usually some form
> of black magic.
>
> > For that matter, do you really want to create a situation where the
> > various A/V companies now have an *incentive* to make sure their
> > competitors don't detect something (either by failing to share data,
> > or resorting to having malware custom-crafted)? The only reason the
> > whole A/V industry
>
> And yes, there may very well be unintended consequences. Nonetheless,
> I feel the era of complete exoneration from product liability is
> coming to an end for packaged software. Especially in the security
> industry. It is just a matter of an 'unsafe at any speed' moment
> occurring and there will be legislation, however braindead such
> legislation may be from an engineering viewpoint.
>
> Call me a pessimist, but we've been putting way too much critical
> stuff on internet connected systems while at the same time neglecting
> basic hygiene at every level not to have some disaster to happen. It
> isn't so much a question of if but when that will happen.
>
> Regards,
>
> Walter
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

--
FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da
