Well, methinks Linus is going to be "security villain of the week" for a few days again.
http://www.networkworld.com/news/2008/081408-torvalds-security-circus.html?hpg1=bn Problem is, he's actually got a good point. Unfortunately, his use of "security circus" is going to be read as the whole security community, when he is actually referring to the lunatic fringes at both ends of the "disclosure" spectrum. There are those who still cling to the outdated and disproved dogma of "security by obscurity," and there are the self-promoters (with egos the size of the MS Windows Vista source code) who are eager to trumpet any little flaw they find as a "security" vulnerability. Those of us in the trenches have been trying to keep vendors and consultants from using these arguments on the uninformed for years. Linus is saying the same thing. He's as frustrated as we are, and for the same reasons. He just uses more sensational phrases. ====================== (quote inserted randomly by Pegasus Mailer) [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Because the lives of the wicked should be made brief. For the rest of us, death will be a relief-- We all deserve to die! `Sweeney Todd,' Stephen Sondheim victoria.tc.ca/techrev/rms.htm blogs.securiteam.com/index.php/archives/author/p1/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
