At 0:37 1/9/96 -0800, Lucky Green wrote:
Very true. But why does it always seem to take an exploitable crack before companies pay attention to security flaws? Is it because they are unable to admit that they have made a mistake? Everybody makes mistakes. What's the big deal? I really don't understand it. Any psychologists on this list?
Having, in the past, attempted to sell an Operating System with high security features, and failed, I think I can give you some insight. Security does not sell an OS to anyone, even the Department of Defense. People buy OSs to run applications. The only thing a lack of security in an OS will do is allow someone in an obscure department (perhaps called Corporate Security) to say no. Security is a checkoff item, and if you can convince a retired major that the OS is secure, then he will approve it. He is not going to check the details. His expertise is in guard stations and chain link fences. However, if someone, e.g. the trade press, rubs his nose in the fact that an OS's security can be breached, then he will take action. He will pressure the publisher to release a fix that they say will fix the problem. When they do, he will be happy. Microsoft particulary, is oriented to selling product, not pride in workmanship. ----------------------------------------------------------------- Bill Frantz Periwinkle -- Computer Consulting (408)356-8506 16345 Englewood Ave. frantz@netcom.com Los Gatos, CA 95032, USA