Path: utzoo!attcan!uunet!tut.cis.ohio-state.edu!ucbvax!VAX.FTP.COM!stev
From: stev@VAX.FTP.COM
Newsgroups: comp.protocols.tcp-ip
Subject: re: the worm and internet security
Message-ID: <8908091347.AA02088@vax.ftp.com>
Date: 9 Aug 89 13:47:39 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 30


*Somebody (the DoD, a major university, or an interested member of the
*press) ought to organize an annual competition, in which each of the
*vendors would try to crack its competitors' systems.  A mini-network
*would be set up, and each vendor's tiger team would try to crack as
*many other systems in as many ways as possible during some fixed time
*interval.  The results would be published openly so that potential
*customers could take security issues into account when choosing
*vendors.

*Comments, anyone?


i doubt any of the major vendors would show up, unless they were forced to
somehow, like the goverment requiring all equipment in bids show up at
these "meetings". even then, i am not sure anything would get fixed. i
think instead alot of things would become "non-standard". things like
finger and rcp and rlogin and such would be moved to the "unsupported
networking tape". you probably cant force the big guys to play ball if
they dont want to, and you probably cant organize enough of the customer
base to make them want to.

sorry if i seem pessimistic, but i have been around for this before, and
only seen it work once. (you need to get *only* the engineers together. if
*anyone* else shows up, you should forget it.)

stev knowles
stev@ftp.com
617-246-0900
ftp software