On Fri, 28 April 2000, Paul Ferguson wrote:
Not that I'm a money-grubbing, stock-sucking bastard, but speaking as a member of the "community", I'm a little spooked by how reckless journalism, and off-hand comments on mailing lists, affect peoples (read: companies) financial futures (this is actually just the tip of the proverbial iceberg).
Companies face a dilemma. On one hand the FBI doesn't want them to reveal critical information to the public. The FBI is setting up an InfraGuard program supposedly to allow companies to share "private" information without it getting out to the public. On the other hand the SEC wants them to keep all its investors informed about material information. Sharing information with only a few people outside the company may also get you in trouble. Is there a correct answer for all situations? I don't know. I've seen bad outcomes from both no disclosure and full disclosure.
If things/people/processes/architecture/etc. is at fault, then let's discuss it as a community that wishes to propel ourselves into the promising future. Otherwise, let's just demonize everyone whow learns their lesson the old fashioned way -- with failures.
But a lack of self-criticism does make a mockery of the claim that Internet is a mature institution, and it exposes the net to the risk, noted by Santayana, that those who dont understand their history are doomed to repeat it. (plagiarized from numerous places) Are there really any new types of attacks? Or is it just variations on existing themes?