« Internet Lawyer: Dismissal of MySpace Criminal Case | Main | Internet Lawyer: $675,000 Copyright Infringement Judgment »

July 27, 2009

Comments

Thanks, anonymous. What is it about you types that you have to turn your comments into personal attacks, and then expect a response and the right to debate me? This is becoming a recurring theme. Deny and obfuscate...and when that fails attack the messenger.

Many people are against security information being freely available to the public, but let me ask you this:

Would you prefer security information only be available to those who can find it on their own, those with lots of money, or to the general public?

I think if there's a problem with a product, it should be publicly known, if for no other reason than consumer education. Many advances in computer security are later found to have been made by the NSA years before its public release. Don't you think that if the NSA can figure it out first, there's bad guys out there with the same skill level who know it anyway?

I know you like BlackHat a lot better than DEFCON because every Tom, Dick, and Harry can get into DEFCON without giving a real name, but BlackHat slides are made available to the general public online after the conference, so in the end, it's the same.

While I respect the fact that you have an opinion on a field you are not an expert in, please remember that you are not, in fact, an expert in the computer security field.

Well said.

And that is the struggle...the balancing act...the information security industry needs to know. But at what cost? Exposing small businesses to risk? And at what point does the risk to small business outweigh the benefits to big business and the government of an open airing of security information?

No, I am not an expert in information security and I greatly respect the industry and professionals. But we need to take a step back and revisit this approach. I do have a bit of experience in protecting the "little guys" out there from attacks. Perhaps a bit of an empathetic perspective towards the plight of the small business exposed unnecessarily is what is needed.

But yes, there is a very real debate here that needs to be engaged. The balancing of the need to know with the risk created in doing so.

Again, thanks for your comments, and you have captured the essence of the issue that we face today.

The comments to this entry are closed.