|Main Archive Page > Month Archives > full-disclosure-uk archives|
On Wed, Aug 6, 2008 at 8:15 PM, jf <email@example.com> wrote:
>> And even if they *got* attacked, it's quite possible that the upsides of not
>> bothering to do something outweighed the risks. If you estimate that the
>> cost (including "things you could have spent your time doing") is more than
>> the losses, why bother? "Even if we *got* whacked, we'd lose maybe $500. But
>> in the time I'd waste dealing with the issue, I could generate something that
>> will get us $2,000 in revenue. So if I fix it, I lose $1500, and if I ignore
>> it, I come out $1,500 ahead if we get hit, and $2,000 if we don't".
> so as a student worker, thats what, like a month of your time?
The guy definitely needs wire tapped and perhaps a psychologist. Especially when he started ranting about money and the value of human life in relation to security. I just hope Virgina Tech and the F.B.I get involved in montioring him for his comments, especially after the Virginia Tech massacre and the likes. We could have a fruit ball member of staff at the institute considering something criminal to cut corners in cyber security... or even something murderous in real life depending on what type of mental condition he has actually acquired to make him talk like this.
On Tue, Aug 5, 2008 at 9:57 PM, <Valdis.Kletnieks@vt.edu> wrote:
> They calculate a "value of a life", and use it to evaluate things like
> environmental and safety regulations: If a life is worth $5M, and the
> regulation is projected to save 500 lives (via lower risk of cancer, fewer car
> crashes, whatever), the regulation has to cost less than $2.5B to implement to
> be worth it. If it costs $2B, but only saves 50 lives, that's $40M per life
> and not worth it.
All the best,