Jump to content

Talk:Vulnerability (computer security)

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Abaddon314159 (talk | contribs) at 23:39, 20 March 2007 (weighed in on what i see as bias in the discussion of full disclosure). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

I think this is a good idea -- the Software security vulnerability article can be used as part of the Vulnerability article.


I am curious, doesn't vulnerability need to say that its "vulnerable to" something? for example, we don't say that "New Orleans is vulnerable." We might say that "New Orleans has a high vulnerability to a Force 5 hurricane" but could we just say that the "New Orleans Levees have high vulnerabilities to hurricanes" I don't think so since they really were only vulnerable to level 5 and higher. There needs to be a force against. Or a Threat... in fact more specifically, there needs to be a specific amount of threat. Like FORCE 5 hurricanes. In computing, vendors have erroneously stated that a server has a high vulnerability... but often without regard to what amount threat. My server has almost no vulnerabilities if my threat agent is a four-year-old girl. But a skilled, malicious hacker sponsored by a terrorist state might make Swiss cheese of my server. Did my vulnerability just change based on the threat agent's capabilities? I think it did. Maybe we should consider adding something that states that vendors of security products typically over-generalize the acting threat agents... or do they even consider them?

I think the section on full disclosure starts out good, showing a balanced view of the topic, but then takes a biased point of view, I myself am generally considered an expert in the security arena that the public listens to and I don't fully agree with full disclosure, its a complicated issue, it should be discussed by all means but the sentence that reads "From the security perspective, only a free and public disclosure can ensure that all interested parties get the relevant information. Security through obscurity is a concept that most experts consider unreliable." onward takes a biased view point on the issue, there are pros and cons to both sides and wikipedia shouldnt be taking sides on this or any contravercial issue --Michael Lynn 23:39, 20 March 2007 (UTC)[reply]