On Jan 6, 2009, at 8:45 AM, Jack Bates wrote:
Sadly, I think money and time have a lot to do with this.
Even more than this, it's a skillset and mindset issue. Many organizations don't know enough about how the underlying technologies work to understand that they need to incorporate these costs and allocate these resources as part of the project spend, nor do they think to ask around (or even use the Search Engine of Their Choice) to find out about the 'unknown unknowns'. To mount a successful defense, one must learn to think like an attacker. This seems to be a relatively rare attitude, unfortunately. ----------------------------------------------------------------------- Roland Dobbins <rdobbins@cisco.com> // +852.9133.2844 mobile All behavior is economic in motivation and/or consequence.