[WEB SECURITY] Re: [Full-disclosure] comparing information security to other industries

Brian Eaton eaton.lists at gmail.com
Sun Dec 24 09:43:01 EST 2006


On 12/24/06, Michael Zimmermann <zim at vegaa.de> wrote:
> are the computer systems at large nowadays more secure than
> - say - ten years ago?

Some systems are.  But not because the software has gotten any better.
 Organizations have gotten better at defense-in-depth.

Consider patch management systems.  A decade ago, most companies
barely had one at all.  Today, companies are evaluating, verifying,
and pushing out patches within days of their release.  More networks
are isolated behind firewalls, and lots of workstations are using
host-based firewalls.  Even the low-end consumers have gotten better
at this: lots more people are using SOHO routers with firewalls
instead of a cable modem with a wide open internet connection.

The attackers have gotten better as well.  But even when the attackers
successfully exploit a new vulnerability, organizations are better
prepared to deal with the consequences.

You might see another codered type vulnerability in IIS, but there is
no way it would do as much damage as the original worm.

Regards,
Brian

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list