Hmm. A lock is a permissive measure, to permit you to more easily enter a room, for instance, without having to destroy a portion of one of its four walls. The lock is installed in a door. The door is a vulnerability. The lock attempts to compensate for the door vulnerability. Without the lock the door can be opened by anyone. With the lock the door can also be opened by anyone who has a foot attached to a leg and the ability to apply it in a forward kicking motion. The only difference is that the broken door leaves evidence of the intrusion. The lock forces the application of destructive force or use of a circumvention technique. The lock does NOT change the security level of the room, because it still has a door vulnerability.
I'm pretty sure this is not wrong thinking, and thus my previous comments, which I stand by after having re-read them. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mike Fratto Sent: Friday, August 08, 2003 10:22 AM To: [EMAIL PROTECTED]; 'Matthew Murphy'; 'Full Disclosure' Subject: RE: [Full-Disclosure] Vulnerability Disclosure Debate > > with a lock, the primary purpose of it is > > security -- it has no other purpose. > > Everyone gets this wrong. Including you. :) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
