On Jan 10, 2008 9:32 PM, Sean Donelan <sean@donelan.com> wrote:
Q: What do anti-virus companies really think about security issues?
http://www.nruns.com/ps/The_Death_of_AV_Defense_in_Depth-Revisiting_Anti-Vir... Of particular interest are the slides on "Vendor responses"...
Q: What do banks really think about security issues? Q: What do law enforcement agencies really think about security issues?
In order to best answer these types of questions, I suggest you first read Geekonomics, the dotCrime Manifesto, and Secure Programming with Static Analysis for some background. I see a lot of you talking about information sharing, which is great. How much overlap is there between nspsec and the Financial ISAC? Is FIRST the place to go to sort out these issues? This sort of conversation came up in passing on the botnets mailing-list only a few months ago - http://www.mail-archive.com/botnets@whitestar.linuxbox.org/msg00924.html I don't see any particular failure of the ISP community. We all hit our vendors pretty hard when it comes to security issues, and we protect and respond to customer issues better than any software vendor that I'm aware of. If you want to get involved in security with your local bank, attend a local OWASP meeting. If you want to get involved with law enforcement, attend a local Infragard meeting. dre