[1410] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: evidence/timelines that show linux is

daemon@ATHENA.MIT.EDU (Benjamin L. Brown)
Wed Jan 29 17:43:12 1997

Date: Wed, 29 Jan 1997 13:31:52 -0800
To: linux-security@redhat.com
From: "Benjamin L. Brown" <bbrown@optimumdesign.com>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

[Mod: Quoted text trimmed. -- alex]

I think that is going to be tough, but the real issue is that
even with "evidence" like this, it does not address the most
important issue to upper management: Who to blame/litigate
when there's a security breach? They want to know who is
responsible for keeping ahead of the system crackers and at
whom to point the finger if (to be read, "when") a
breach is expoited. So even if you were to collect lots of
anecdotal data ("anecdotal", because none of it would stand
up to true scientific investigatory criteria), it wouldn't
convince managers who need to have good feelings about dealing
with a definable, legal, corporate entity. The "Linux Community"
does not fall within this limited thinking.

[Mod: The thing to remember is that to my knowledge none of the vendors of
commercial UNIX operating systems is willing to accept responsibility for
vulnerabilities either. -- alex] 

Regards,
B.Brown

----------------------------------------------------------------
These are so obviously my own opinions that no one in the world
would ever even think that they represent those of anyone else.
----------------------------------------------------------------


home help back first fref pref prev next nref lref last post