<netsecurityadm> Interesting. I have stated many times that patching is more important than antivirus
<netsecurityadm> the recent BIG viruses- CodeRed, Nimda, SQL Slammer- all took advantage of flaws for which patches were available for months
<netsecurityadm> If users would just have stayed current on patching those viruses would have fizzled instead of crippling the Internet
<HE_Real_McClure> Agreed 100%%. If you have to expend energy, patching regularly will do more than anything...
<netsecurityadm> I saw that the Organization for Internet Safety released the draft of the Security Vulnerability Reporting and Response Process
<netsecurityadm> Foundstone was a founding member of the OIS- did you have any input into this document?
<HE_Real_McClure> We are loosely involved in those efforts and definitely had some input on the document's content. Despite all the hype, the groups efforts legitimately attempt to define a common set of rules that vendors and research can follow to accomplish the ultimate goal: making systems secure...
<netsecurityadm> For those who want to check it out, you can go this site http://www.oisafety.org/about.html
<netsecurityadm> It is open for comment until July 7, 2003
<netsecurityadm> Do you think that the federal DMCA law and the state-level super-DMCA laws in some states are hindering legitimate security research?
<HE_Real_McClure> As a general rule, I think that the risk of security research hindering is outweighed by the deterrant of DMCA. I don't think we need to be able to decompile applications to find security weaknesses. We just need to educate vendors, their programmers and architects, to build applications securely...
<netsecurityadm> We are coming to the end of our time- any last questions from the audience?
<Simo> im fine
<Simo> just been listening
<netsecurityadm> Well, I want to thank both George Kurtz and Stuart McClure once again for taking time out of their busy schedules to spend with us
<Charlie> no thankyou, it has been interesting and I would like to see more forums like this
<netsecurityadm> I have enjoyed the chat.
<Charlie> will come better prepared next time
<Simo> i have HE 3rd edition
<HE_Real_McClure> Thanks everyone! Stay secure...
<Simo> ;-)
<netsecurityadm> Stuart and George- I look forward to speaking to you and / or working with you in the future. If you are ever in Michigan for any reason let me know
<HE_Real_McClure> Definitely! Thanks again!