1995-01-30 - Re: CERT statement

Header Data

From: “Ian Farquhar” <ianf@sydney.sgi.com>
To: cypherpunks@toad.com
Message Hash: 7c05df90c55e03d3561b5a3cef8e52f041af381017f0e00e665adf9338661082
Message ID: <9501301059.ZM17103@wiley.sydney.sgi.com>
Reply To: <9501262142.AA07376@dun-dun-noodles.cam.ov.com>
UTC Datetime: 1995-01-30 00:03:30 UTC
Raw Date: Sun, 29 Jan 95 16:03:30 PST

Raw message

From: "Ian Farquhar" <ianf@sydney.sgi.com>
Date: Sun, 29 Jan 95 16:03:30 PST
To: cypherpunks@toad.com
Subject: Re: CERT statement
In-Reply-To: <9501262142.AA07376@dun-dun-noodles.cam.ov.com>
Message-ID: <9501301059.ZM17103@wiley.sydney.sgi.com>
MIME-Version: 1.0
Content-Type: text/plain


On Jan 26,  4:42pm, Marc Horowitz wrote:
> You're exactly right.  However, getting people to deploy real security
> systems is nearly impossible.  My company sells a kerberos system, and
> although everyone is saying they want security, nobody really
> understands what this means, and as soon as we tell them that it
> actually involves effort, they become far less interested.

To a former employer of mine, security meant using the word "security"
in as many reports as they could.  The management never committed
resources to it, and didn't seem to have a grasp of even the most
basic concepts of it, but as long as they said "security" lots of
times, they felt that they had it.

Unfortunately, this seems to be a fairly typical state of affairs
in many organisations.

						Ian.






Thread