On Sun, Aug 11, 2013 at 05:45:02AM -0700, coderman wrote:
some questions, some answers, ...
Thanks. I appreciate your point about how "security through obscurity" factors into this. I wonder, though, about putting as much of possible of this online somewhere with tutorials, scripts, forums, etc. that your more typical sys admin could find and use. They might not have everything, but enough to make their services 99.99% secure. Those that provide the info would probably still have some things to their own and be 99.9999% secure. Included in the scripts and info would be ways to record artifacts of an exploit, and quickly and securely store them where they could be used to patch. The cost for dropping a 0day on a service provider goes through the roof.