Path: utzoo!attcan!uunet!tut.cis.ohio-state.edu!ucbvax!VAX.FTP.COM!stev From: stev@VAX.FTP.COM Newsgroups: comp.protocols.tcp-ip Subject: re: the worm and internet security Message-ID: <8908091347.AA02088@vax.ftp.com> Date: 9 Aug 89 13:47:39 GMT Sender: daemon@ucbvax.BERKELEY.EDU Organization: The Internet Lines: 30 *Somebody (the DoD, a major university, or an interested member of the *press) ought to organize an annual competition, in which each of the *vendors would try to crack its competitors' systems. A mini-network *would be set up, and each vendor's tiger team would try to crack as *many other systems in as many ways as possible during some fixed time *interval. The results would be published openly so that potential *customers could take security issues into account when choosing *vendors. *Comments, anyone? i doubt any of the major vendors would show up, unless they were forced to somehow, like the goverment requiring all equipment in bids show up at these "meetings". even then, i am not sure anything would get fixed. i think instead alot of things would become "non-standard". things like finger and rcp and rlogin and such would be moved to the "unsupported networking tape". you probably cant force the big guys to play ball if they dont want to, and you probably cant organize enough of the customer base to make them want to. sorry if i seem pessimistic, but i have been around for this before, and only seen it work once. (you need to get *only* the engineers together. if *anyone* else shows up, you should forget it.) stev knowles stev@ftp.com 617-246-0900 ftp software