From: frankw@in.net (Frank Willoughby)
Date: Tue, 9 Jan 96 11:23:31 PST
To: cypherpunks@toad.com
Subject: Re: Microsoft continues to mislead public about Windows security
Message-ID: <9601091923.AA01238@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain


From the desk of Lucky Green:

>
>Very true. But why does it always seem to take an exploitable crack before
>companies pay attention to security flaws? Is it because they are unable to
>admit that they have made a mistake? Everybody makes mistakes. What's the
>big deal? I really don't understand it. Any psychologists on this list?

I'm not a psychologist, but I have worked in the Information Security field
for a while now.

When a system is breached or a CERT Advisory is issued, this is a major
embarassment for the company.  The breach (or publicized security flaw)
shakes the confidence of people in the vendor's products.  People are 
rather unwilling to risk putting their business-critical data on a system 
which has just recently breached.  This lack of confidence translates into
a loss in sales.  If unchecked or the case if severe enough, this could 
also translate into a loss of jobs.

If the consumers (or some key major players) put pressure on the vendors 
to secure their systems, then it will happen.  Until then, the vendors
will continue provide us in the Information Security field with unparalleled 
job security.  8^)  You would be surprised how bad the situation really
is and how many companies are vulnerable and to what extent (then again, 
you may not).

We now return you to your discussion on crypto.  8^)

Best Regards,


Frank
Fortified Networks Inc. - Management & Information Security Consulting
Phone: (317) 573-0800   - http://www.fortified.com/fortified/

<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.