On Thu, Jul 22, 2010 at 11:28 PM, Marsh Ray <[email protected]>wrote:
> On 07/22/2010 08:05 PM, Dan Kaminsky wrote: > >> >> That's $240K/yr being spent to manage three year expirations, just on >> labor. >> > > Yep. > > But as Dr. Laura would say, "you knew that before you married her". > > Nobody said you had to go into that business, or that you were entitled to > make a profit on it. Nobody says they have to deploy secure endpoints, but the credit card people, and even then only on a really restricted subset of sites. There are fundamental sources of these failures that are not just "people are stupid". Remember the tales of failed +$100M PKI deployments around the turn of the millenium? Why do you think so much money got spent? What might be the unintended consequences be of having 500 "secure" sites > hosted by folks that can't manage to spend one day every three freakin' > years on maintenance? > > It's one day every three years per server. If you have a lot of servers, it adds up. And so, we back into the empirical reality -- people don't put SSL on a lot of servers.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
