[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CERT funding

To: Mark Hittinger <[email protected]>
Subject: Re: CERT funding
From: [email protected]
Date: Thu, 24 Feb 94 07:19:58 EST
Cc: [email protected]
Sender: [email protected]

Thanks, Mark, for an interesting posting about CERT.  Let me add just
one or two comments about the place.

That CERT should be interested in software engineering is a very
good sign.  What do you think causes most security holes?  It *isn't*
lack of cryptography, for the most part, though this last big incident
is an obvious exception.  The answer, of course, is bugs in the
code -- and to that, software engineering is the only answer from
computer science as a whole.  (Bob Morris Sr's keynote address
at the last UNIX Security Conference was entitled ``if your software
is full of bugs, what does that say about its security?'')

As for the database stuff -- from what the folks at CERT have told me
(and yes, I know some of them quite well), they're having a problem
managing the tremendous volume of bug reports, incident reports, etc.
They need to do their own tool-building.

Finally, there are some folks at CERT who are *extremely* sharp.  I don't
know who you talked to, but there are people there I'd hire in an instant
if they were available.

Prev by Date: Re: STEALTH OCEANS (fwd)
Next by Date: FLASH: FBI's Draft Digital Telephony Bill: EFF Summary and Analysis (fwd)
Prev by thread: re: CERT funding
Next by thread: Updated Remailer List/Helpfile?
Index(es):
- Date
- Thread