On Wed, 3 Jul 2002, WE HATE SPAM wrote:

> On Tue, 2 Jul 2002, James Ralston wrote:
>
> > Metaphorically speaking, with such a plethora of juicy,
> > low-hanging fruit within easy reach, there's little reason to
> > climb up to the top of the tree and see what might be there. The
> > only people who are going to do that are intelligent and
> > determined people who have good reason to believe that there's
> > something *really* juicy up there.
>
> Have you by chance read Building Secure Software (John Viega, Gary
> McGraw (Viega is one of the guys behind RATS
> (http://www.securesoftware.com/rats.php)))? I mention this because
> there is a chapter in the book that says the same thing as what
> you wrote ;-)

I haven't read the book, but I heard McGraw speak at the USENIX 2002
Technical Conference, and he described easy targets for crackers as
"low-hanging fruit". I thought the metaphor was particularly apt, so
I expanded on it (above). If my expansion matches McGraw's, then
that's just a happy coincidence.

(IMHO, really good metaphors are ones which are reflexive enough that
people tend to expand them in the same way...)

--
James Ralston, Information Technology
Software Engineering Institute
Carnegie Mellon University, Pittsburgh, PA, USA