[lug] A wonderful analogy on security
BOF
bof at pcisys.net
Sun Oct 28 06:27:34 MST 2001
A quote from Scott Culp, Manager of the Microsoft Security Response
Center, in a letter complaining that releasing information on security
problems with software is not good [As you may know, Culp doesn't want
it released at
all, so no one will know of any problems, much less fixes, which will
not be needed, as no one will know of the problems]:
By analogy, this isn't a call for people for give up freedom
of speech; only that they stop yelling fire in a crowded
movie house.
A response to this from a Zygo Blaxlell, in a letter to Linux Weekly
News, 20 October:
Another wonderful analogy!
Security professionals have been yelling "fire" in crowded
movie houses for years. Most of the actual patrons fail to
pay any
attention, despite the fact that the seats are made of
explosively flammable
materials, the management allows patrons to smoke cigarettes
in the
theatre, and occasionally the movie is interrupted by ushers
dousing
patrons with fire hoses if they are noticeably ablaze.
Patrons who do catch
fire are not offered a refund, nor a credit for those parts
of the movie
that they miss, nor even so much as an apology.
If a _real_ moviehouse was run this way, its management
would be in jail by now.
I would say that this sums up the status of computer security as
practiced in the early 21st century very well!
The full letter is here, about half-way down the page
http://lwn.net/2001/1025/letters.php3
BOF
More information about the LUG
mailing list