North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Q: What do ISPs really think about security issues?

  • From: Andre Gironda
  • Date: Fri Jan 11 10:43:49 2008
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:reply-to:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; bh=S2c6paCumogIvhLSMMrGM0O9gz7kN5AdDZOG9Vsg8Mc=; b=dYv6scYKKFsaOKWyQc1efnTI3bvZUiOLMw9AVCSggQxhY1NAxdqiBY8bzJHgCKWED78X7xpkMjAZiVxrN1Z59ki1pqgkot8iDIrmLPo5lrIUaTJPU0wECjBF18X/J/sViJEJahhjLWfaymZLmnBlVJJ8KpRIiF2tArOqvraRygE=
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:reply-to:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=po4aLhF2g5++nvq2bF7TjHx4e1pdEEpdxMues4Lyr48OYYZ95SzosvS1b6Arcr5PaTLBSM0kCMDtaMLzysf6nv6o+SCn7hhD/xO+wEeUssZtx+2NYcVQ+CTHr+PwRH513ZtH26tyUtvwL8LVFH4AnnKkLpUFxTBRWooQgWwVw/E=

On Jan 10, 2008 9:32 PM, Sean Donelan <sean@xxxxxxxxxxx> wrote:
> Q: What do anti-virus companies really think about security issues?

http://www.nruns.com/ps/The_Death_of_AV_Defense_in_Depth-Revisiting_Anti-Virus_Software.pdf
Of particular interest are the slides on "Vendor responses"...

> Q: What do banks really think about security issues?
> Q: What do law enforcement agencies really think about security issues?

In order to best answer these types of questions, I suggest you first
read Geekonomics, the dotCrime Manifesto, and Secure Programming with
Static Analysis for some background.

I see a lot of you talking about information sharing, which is great.
How much overlap is there between nspsec and the Financial ISAC?  Is
FIRST the place to go to sort out these issues?

This sort of conversation came up in passing on the botnets
mailing-list only a few months ago -
http://www.mail-archive.com/botnets@xxxxxxxxxxxxxxxxxxxxxx/msg00924.html

I don't see any particular failure of the ISP community.  We all hit
our vendors pretty hard when it comes to security issues, and we
protect and respond to customer issues better than any software vendor
that I'm aware of.

If you want to get involved in security with your local bank, attend a
local OWASP meeting.  If you want to get involved with law
enforcement, attend a local Infragard meeting.

dre