Comments on: The Security Power Play http://spiresecurity.com/?p=571 Risk and Cybersecurity Analysis Wed, 21 Aug 2013 23:28:51 +0000 hourly 1 http://wordpress.org/?v=3.5.1 By: Pete http://spiresecurity.com/?p=571&cpage=1#comment-861 Pete Tue, 09 Aug 2005 12:47:29 +0000 http://spiresecurity.com/blog/?p=571#comment-861 This is a reference to the FACT that the probability of a white hat and a black hat finding the same vulnerability is very, very low within the random world of every vuln that exists everywhere, and of course black hats are motivated to actively reduce even this number. We all are pretty certain that, on average, about 10 NEW vulns will be found by good guys tomorrow, the next day, etc. And yet we do nothing about them today, even though those are the vulns we claim to care about.

(I shouldn’t have said “there is nothing [we] are doing…” I meant that statement wrt white hat vulnerability research.)

]]> By: Axel Eble http://spiresecurity.com/?p=571&cpage=1#comment-860 Axel Eble Tue, 09 Aug 2005 06:52:37 +0000 http://spiresecurity.com/blog/?p=571#comment-860 “If the risk is there, there is nothing the “good guys” are doing that will eliminate it (this is a key point – I suggest reading it over and over until its meaning actually dawns on you). Even reducing it is pretty unlikely, based on current research.”

Can you elaborate a bit on that? I agree with “If it isn’t there, we are just proving how geeky security people can be and forcing everyone else to live on our terms, and ultimately ruining the online experience for many people.” but not necessarily with the former statement.

]]>