Date:      Mon, 12 Feb 2001 23:24:41 -0700
From:      Wes Peters <wes@softweyr.com>
To:        Ted Mittelstaedt <tedm@toybox.placo.com>
Cc:        Terry Lambert <tlambert@primenet.com>, Matt Heckaman <matt@LUCIDA.CA>, Kris Kennaway <kris@obsecurity.org>, FreeBSD-ADVOCACY <freebsd-advocacy@FreeBSD.ORG>
Subject:   Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE
Message-ID:  <3A88D329.6D5F9ACE@softweyr.com>
References:  <000401c094b3$4f1050a0$1401a8c0@tedm.placo.com>

Ted Mittelstaedt wrote:
> 
> All this hairsplitting boils down to the old argument of when
> the CEO or investor or bank investigator asks any programmer
> or administrator "Is the system secure" we all just smile and nod
> and say that it is, all the while knowing that it's impossible
> to make anything 100% secure.  And the security industry is the
> worst about it, because not only do they know that nothing
> is truly secure, but they get paid every day for telling people
> that software and devices are secure that cannot in theory be 100%
> secure.

If that's what your security vendors are telling you, you should fire
them.  Anyone worth the cost of a phone call in the security industry
will gladly tell you all the things they *can* secure, but will never
make any claims at all about securing everything.

This, of course, has nothing to do with security *salesmen*.  They are, 
after all, salesmen; you can tell if they're lying by determining if
their lips are moving.  Yes == they're lying, No == they're inventing
more lies.

Or, as the old joke says, what's the difference between a (security)
software salesman and a used car salesman?

The car salesman *knows* when he's lying.

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/

