Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ucbvax!SAIC.COM!little
From: little@SAIC.COM (Mike Little)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: the worm and internet security
Message-ID: <8908091555.AA01443@ASLAN.SAIC.COM>
Date: 9 Aug 89 15:55:53 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 14

John Polstra wrote and suggested an annual security rodeo for major vendors
with visitors and press to record the results.  Winners likely get to bake
the losers through marketing ads.  I'd like to point out a problem with
this scheme:  the systems brought to the competition are not necessarily
those I buy.  One would need to employ a stock car racing analogy, where
some modifications are allowed - change default passwords, locate machine
as "standard" (and what would THAT mean?) host on a network, etc.  At 
some point what becomes allowed is beyond what you or I would do as an
administrator;  at which point the purpose is forgotten in favor of the
competition and the trophies.  However, I agree the approach is time tested.
Competition is an age old method of determination;  perhaps the challenge
here is to determine the appropriate contest(s).

					-Mike