[lug] A wonderful analogy on security

BOF bof at pcisys.net
Sun Oct 28 06:27:34 MST 2001


A quote from Scott Culp, Manager of the Microsoft Security Response
Center, in a letter complaining that releasing information on security

problems with software is not good [As you may know, Culp doesn't want
it released at
all, so no one will know of any problems, much less fixes, which will
not be needed, as no one will know of the problems]:

     By analogy, this isn't a call for people for give up freedom
     of speech; only that they stop yelling  fire  in a crowded
     movie house.

A response to this from a Zygo Blaxlell, in  a letter to Linux Weekly
News, 20 October:

     Another wonderful analogy!

     Security professionals have been yelling "fire" in crowded
     movie houses for years.  Most of the actual patrons fail to
     pay any
     attention, despite the fact that the seats are made of
     explosively flammable
     materials, the management allows patrons to smoke cigarettes
     in the
     theatre, and occasionally the movie is interrupted by ushers
     dousing
     patrons with fire hoses if they are noticeably ablaze.
     Patrons who do catch
     fire are not offered a refund, nor a credit for those parts
     of the movie
     that they miss, nor even so much as an apology.

     If a _real_ moviehouse was run this way, its management
     would be in jail by now.

I would say that this sums up the status of computer security as
practiced in the early 21st century very well!

The full letter is here, about half-way down the page

    http://lwn.net/2001/1025/letters.php3

BOF





More information about the LUG mailing list