> Imagine you own a home and installed a security system on all the doors
> and windows. You set the alarm and leave for a weekend.

OK

> A thief comes up to your house, breaks a window, and slides through the
> opening. The alarm does not go off because the thief found a
> vulnerability in the security system.
>
> Do you blame the security company that installed your intrusion
> detection system?

Yes, and then I sue the security company for failure to provide what was paid for. I believe this would be a warranty provision which the security company breached.

> Plus, most of the software is released to the public in the form of
> Betas or Release Candidates months ahead of the release date. If
> identifying security holes was that easy then why aren't there more
> vulnerabilities reported before the 'gold' release of products.

The primary purpose for this release is to allow a specific group of developers and software companies the opportunity to prepare for the new release. It is not specifically released for security testing, although I am certain that this is performed to a limited extent (although it would be more fruitful if they paid for security audits rather than assume they are performed gratuitously).

> I do expect that any computer user should have fundamental security
> training before using it. After all, the computer is a tool. Nobody
> should operate a microwave or chainsaw without reading the safety
> instructions. The same care should be taken for computers.

Therefore we should license computer users and require tests before they are allowed to buy and/or use a computer? Something along the lines of a driver's license?

Also, have you seen some of the absurd warnings in the operating manuals - 'Do not touch the chain saw blade while in motion'. Perhaps all computers should have a warning - 'Do not use if you are an idiot'. But then most internet commerce would cease...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
