On Thursday 05 August 2004 18:49, hellNbak allegedly wrote:
> On Thu, 5 Aug 2004 someone pretending to have a nmrc email addy wrote:

<snip>

>
> The only mistake you make above is that you paint the entire industry
> with the same brush. Yes, I and a lot of people make money in this
> industry. We took a hobby and made it a job -- why not? Why not get
> paid for something you enjoy. Working in this industry does not
> automatically make you a false profit as you explain above.
>
> Over the long term -- no one will benefit -- and I don't care how big
> the paycheck is -- telling a client what they want to hear is not the
> way many of us choose to make a living. Sure, there are a lot of
> people in EVERY industry that are willing to push ethics aside and do
> what it takes for that paycheck but I know I can look myself in the
> mirror and say that I am not one of those people.
>
> Eventually the false prophets are exposed, sure they already got
> their paycheck and have moved on to the next sucker but eventually
> they run out of suckers and money.
>
> > What do you hope to achieve, or how do you believe your opinion is
> > being relevant or novel, if you come to this audience, and state
> > that CERT is no longer credible, and is a bunch of crooks who live
> > off selling advance vulnerability warnings? Or that Microsoft is
> > not exactly particularly devoted to improving security of their
> > products and protecting their customers?
>
> I hoped to stir some shit up, perhaps give the guys over at
> [EMAIL PROTECTED] a bit of a kick in the nuts as there was a time
> that they were making at least a little progress. I was hoping to
> draw enough attention to this issue that perhaps someone from one of
> the major banks will one day sit down and correlate the connection
> between vulnerabilities such as this and losses due to fraud. The
> only way that any vendor is going to be forced to actually care about
> security and actually care about users is when those users mean lots
> of $$$ to them.

There just might be some hope . . . check out this white paper from PWC on "Integrity-Driven Performance."

http://www.cfodirect.com/cfopublic.nsf/f19696b6432afb8b8525690a000c9f67/86a39deb761f514d85256e3f00641442/$FILE/PWC_GRC_WP.pdf

(URL might wrap). You can get it from Google if you search on pwc_grc_wp.pdf . . .

Cheers,

/g

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
