On Mon, 9 Oct 2006, Gary McGraw wrote:
> The most interesting thing from an sc-l perspective about this column is
> that it emphasizes a client need we're often forced to address---the
> need for a demo exploit. Sometimes those on the receiving end of a
> software security vulnerability don't believe that findings are real.
> An often-repeated excuse for doing nothing is "well, that's just a
> theoretical attack and it's too academic to matter." I can't tell you
> how many times I've heard that refrain.

In 1998 we put a slogan on the L0pht.com web page.

"That vulnerability is theoretical." -Microsoft
L0pht - making the theoretical practical since 1992.

Microsoft doesn't say that line any more. I guess a few worms can change your tune. It seems that you need to get bitten a few times before you automatically put on the bug spray before heading down to the swamp.

-Chris

_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php