http://www.riskbloggers.com/irawinkler/2007/03/the-most-important-thing-in-security-is-responsibility/ Security Wisdom Ahead of the Curve Sat, 17 May 2008 19:31:58 +0000 http://wordpress.org/?v=2.5.1 http://www.riskbloggers.com/irawinkler/2007/03/the-most-important-thing-in-security-is-responsibility/#comment-3349 admin Tue, 27 Mar 2007 08:19:59 +0000 http://www.riskbloggers.com/irawinkler/2007/03/the-most-important-thing-in-security-is-responsibility/#comment-3349 The problem is when attacks don't fit into the nicely "preventable if you are savvy and willing to potentially annoy users" category. 0-day exploits, or vendors who ship software that is seriously broken (back in the day Netscape's email server couldn't restrict who relayed email through it, spammers had a field day). In any event it is important to find out what failed and how it failed (a.k.a. blame sometimes) so that you can properly prevent it. Just running out of burning buildings is not going to result in stronger building codes and fire codes. The problem is when attacks don’t fit into the nicely “preventable if you are savvy and willing to potentially annoy users” category. 0-day exploits, or vendors who ship software that is seriously broken (back in the day Netscape’s email server couldn’t restrict who relayed email through it, spammers had a field day). In any event it is important to find out what failed and how it failed (a.k.a. blame sometimes) so that you can properly prevent it. Just running out of burning buildings is not going to result in stronger building codes and fire codes.

]]>