[18972] in bugtraq
Re: Security information for dollars?
daemon@ATHENA.MIT.EDU (Ryan Waldron)
Fri Feb 2 19:18:33 2001
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.10102021424410.16219-100000@kansas.erebor.com>
Date: Fri, 2 Feb 2001 14:30:48 -0600
Reply-To: Ryan Waldron <rew@EREBOR.COM>
From: Ryan Waldron <rew@EREBOR.COM>
X-To: Shalon Wood <dstar@PELE.CX>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <87y9vpjkts.fsf@pele.pele.cx>
On Fri, 2 Feb 2001, Shalon Wood wrote:
> Cooper <Cooper@LINUXFAN.COM> writes:
>
> > Now, could someone explain to me why a select list of individuals should
> > get an earlier warning?
>
> I think this is the crux of the matter. Before you can say that this
> is a good idea, you first have to show that some people should get
> early notice. ...
>
> So, my question to Paul and company is: Why *should* anyone other than
> critical infrastructure get that notice?
It certainly appears to me that the ultimate answer to this might turn
out to be, "Because they are likely to cough up the money for it."
And who, exactly, believes that once these companies *do* cough up
some bucks for whatever fuzzy benefit they might start out getting,
that they won't fight tooth and nail to keep any such benefits from
being given back to non-paying people, no matter how important they
might be? Or worse yet, to expand the gap between the information
that non-members have vs. paying members. Competitive advantage is a
VERY big deal to these people, even small ones. That, after all, not
a big-hearted, humane concern for individual users' well-being, is
what will prompt them to pay-for-play under a system like ISC is
proposing.
Or am I just being cynical?
--
Ryan Waldron ||| http://www.erebor.com ||| rew@erebor.com
"The web goes ever, ever on, down from the site where it began..."
