On Thu, 12 Jan 2006, Martin Hannigan wrote:
> If we accept the "clue" problem as the solution, I think we accept the fact that we condone the vendor not having secure solutions. That may be fine for our new colleague the 'security

vendors should always, or be beaten about the head/shoulders when not, put out secure products... always.

> engineer', but it's not good for the Internet as a whole and it distracts us from the work of making it work.

how is it better for security engineers? it's hell, every 3rd month a new 'default passwd' often on a 'security' device :( talk about stupid :(

> Offering tutorials at NANOG is a great effort towards the clue issue, but maybe we should offer vendors tutorials on the inverse?

Some vendors have asked and received this sort of thing, does huwei (which I butchered the spelling of) want one? (or need one?) how about netgear and their lovely NTP issue? or checkpoint or ... there are quite a few vendors out there, some even attend NANOG. If they listened to their customers I suspect they'd hear: "I want a secure platform!" quite loudly.