From the desk of Lucky Green:

Very true. But why does it always seem to take an exploitable crack before companies pay attention to security flaws? Is it because they are unable to admit that they have made a mistake? Everybody makes mistakes. What's the big deal? I really don't understand it. Any psychologists on this list?

I'm not a psychologist, but I have worked in the Information Security field for a while now. When a system is breached or a CERT Advisory is issued, this is a major embarassment for the company. The breach (or publicized security flaw) shakes the confidence of people in the vendor's products. People are rather unwilling to risk putting their business-critical data on a system which has just recently breached. This lack of confidence translates into a loss in sales. If unchecked or the case if severe enough, this could also translate into a loss of jobs. If the consumers (or some key major players) put pressure on the vendors to secure their systems, then it will happen. Until then, the vendors will continue provide us in the Information Security field with unparalleled job security. 8^) You would be surprised how bad the situation really is and how many companies are vulnerable and to what extent (then again, you may not). We now return you to your discussion on crypto. 8^) Best Regards, Frank Fortified Networks Inc. - Management & Information Security Consulting Phone: (317) 573-0800 - http://www.fortified.com/fortified/ <standard disclaimer> The opinions expressed above are of the author and may not necessarily be representative of Fortified Networks Inc.