Tuesday, September 2, 2008

if you think security problems can be solved...

if you think security problems can be solved, rather than just mitigated to varying degrees, then you might be a security idiot...

(inspiration)

6 comments:

Unknown said...

Well, Kurt, first off if you want to call me an idiot at least have the courage to do it to my face, and second you clearly misunderstood the post, which I understand - you have a very myopic view of the world, very much like the mentally challenged kids I volunteered to help with homework back in High School.

What I said is that we are resilient - but happy to discuss further if you like, you know how to reach me =)

kurt wismer said...

funny, it seems to me that the notion that every problem has a solution is more in line with a myopic world view if you ask me (and comparing me to mentally challenged kids is very 'high school')...

my comment was 'inspired' by a complaint at the referenced page about security vendors not trying to solve the problem... at least part of the problem is the attackers themselves and that problem is no more solvable than the problem of crime...

and frankly, i didn't accuse anyone of being an idiot, i simply said that might be the case in the general sense...

Unknown said...

Ah, but I never said every problem had a solution - twisting words and positions to make a point is what you did, not me.

What I was pointing out was that major security vendors are not driven to find solutions to problems. Major security vendors, actually almost all if not all vendors, are driven to increase profits, in many cases their profits are reliant on NOT finding a solution.

Nowhere is this more extreme than in the pharmaceutical industry. I used the example of the billion$+ diabetes industry, which would all but evaporate if a cure/solution was found to the problem of diabetes.

kurt wismer said...

you may not have said every problem has a solution but you certainly implied that security problems (in general) have solutions when there is little or no evidence that that is true (there is provably no solution to the malware problem, for example)...

it makes little sense to criticize vendors for not pursuing something when you don't even know if that something is within the realm of possibility...

Unknown said...

Are you really arguing with a person about what they may have implied when they said something that you are taking out of context - are you really being that guy?

kurt wismer said...

i'm of two minds here... one says to point out that the context is a characterization of security vendors as 'complete incompetents' for not doing the right thing by trying to find a solution to the problem... the post as a whole was about something else, but the rest of the post doesn't change the meaning of this characterization (indeed, this characterization was the only reference to vendors in the entire post)...

the other says that you are clearly still taking this far too personally in spite of the fact that i said this post wasn't about you specifically... this post also wasn't about what the referenced post was about... that post simply contained something that inspired this post, nothing more...