illustrating the facepalm of security discussions

If you’d like a quick dose of why discussion in the security circles goes in, well, circles, check out the “Rate Stratfor’s Incident Response” thread taking place on the full-disclosure mailing list. The real headache-inducing pieces take a few responses to get to, but eventually the discussion piles into hiring hackers, security economics, and perfect security. Unfortunately, some of the discussion is driven by one or more people who fail a bit at critical thinking in discussions like this, but it still illustrates some of the pain in security, especially how people coming in from different perspectives are just as correct as others from other perspectives. And this is just discussion and not real action! (I’m ignoring any difficulty in non-english responses, but that is also a troublespot in the small, global community of security).

Granted, there are some non-industry people in the list, and some who don’t really sound like they’ve had a real deep technical job (or have any business sense), but certainly there are plenty of decent participants.