On Thu, 13 Nov 2003 sgorman1@gmu.edu wrote:
I guess the hypothetical would be if you were in charge of security for an AS what would be the cost to put a best-effort worm mitigation system in.
What kind of AS? An AS used by a military organization that has authority over its users and can through them in the brig for failing to follow commands and policy? An AS used by a commercial enterprise that has authority over its users and can fire them for failing to follow commands and policy? An AS used by a university enterprise that has authority over its users and can expell them for failing to follow commands and policy? An AS used by a service provider that has authority over its users and can terminate their network access for failing to follow commands and policy? An AS used by a public agency that is required by law to permit all citizens access to information until proven beyond reasonable doubt the access was misused?