|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] Response to comments on Security and Obscurity
Valdis.Kletnieks
vt.edu
Date: Thu Sep 02 2004 - 09:38:48 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, 01 Sep 2004 15:03:03 EDT, "Clairmont, Jan M" said:
> The Clairmont-Everhardt Index of potential Security vulnerability being equal
> to the (Number of Computers)! * (Number of People using the systems)! * (Number of Ports)!
> * (the Lines of Code)! * (The number of Applications)! * (Number of Routers/Hubs)!
> and any other factors you wish to include.
Given the "any other factors" clause, I won't ask what mathematically rigorous
reason there is to suspect that the factorial function is the proper one to use. :)
For starters, although our network has well over 2,000 routers/switches/access points,
the number that are directly impacting the security of the computer I'm typing on
is down in the several dozen range. Similarly, one could make the case that it
should be "(number of computers)" and "(*AVERAGE* number of people per system)"
or a product of "number of users" times "number of systems each user has access to".
And so on....
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFBNzB2cC3lWbTT17ARAlkKAJ4wuJy5+17rEO+ULpjG1XdVQXSJaQCgpJNR
1TvO7Tg9fsb5uq/I9DFMJVI=
=k6NZ
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]