
About different views of the world, or who is gnawing which carrot

I found an interesting and revealing piece in the blog of Alexey Lukatsky, who is well known in wide circles.
It is essentially a response to habrahabr.ru/post/169491

All the theses are, in principle, understandable and expected.
There is the view of things from under the red eyelids of a sleepless hacker-enthusiast, and there is business with its risk assessments and principles like “what cannot be measured cannot be managed”.


“They say a vulnerability has been found on the site and it urgently has to be fixed, and then tell me what the consequences will be! WHAT? That is the first question the business asks. And any profound statements about reputation, the seriousness of the damage, the importance of the consequences, the phrases "well, you understand everything" lead nowhere. Business does not understand. Not because it is stupid, but because it understands only the question of money (I exaggerate a little, of course). Show me what the hole on the site will cost? Show it in money! There is no direct damage? Show it indirectly. You cannot count it? Then go and learn how to count, and don't take up my time. But how?.. And the risks... Risks? What risks?”

Then the master gets personal :)

“Then the hole-seekers on the site start whining that they are not appreciated and nobody needs them. There are two ways out. Either the security specialist understands the limitations of his view of the world and changes it, starting to perceive a much wider palette of colours in the information security world. Or the security specialist decides to demonstrate in practice the reality of his claims about the seriousness of the consequences of exploiting vulnerabilities on the site. At best he is thrown out; at worst he goes to prison (and perhaps not even under article 272). Some manage to live their whole lives with the notion that nobody understands or appreciates them, while they know they are the coolest security specialists in the world.”

He sums it up as follows.

“It’s easy to sum up: SHOW THE MONEY before blaming the business for stupidity and a misunderstanding of security. The business likewise considers stupid a security specialist who does not understand the needs of the business and does not know how to talk to it in a language the business understands. contract. It is necessary to listen to the opinion of the business rather than stupidly impose your own.”

An interesting comment from his blog.

“Alexey, analysing your latest posts (including this one), one involuntarily arrives at a conclusion: the shkolota have seriously hurt you. To whom and what are you trying to prove? Calm down, everyone gnaws his own carrot.”

I have always wondered how this transition happens. From interests (and perhaps even more from “sharpening the brain”) that lead to writing books like “Attack from the INTERNET” (I read one of the first paper editions, nostalgia), one of whose authors is Lukatsky (for 1999 the material was quite adequate and relevant), to calculations of spherical horses in a vacuum. Although here I am exaggerating. There is of course a place in information security for all sorts of estimates, for the development of tactics and strategies, and for all sorts of other policies and high-level abstract cleverness. It would be foolish to deny it. But, IMHO, especially in our country, with our legislation and other realities, it is all so disconnected from life that even such bison of vacuum aeronautics miss the hardcore and are not indifferent to the attacks of the “shkolota” with eyes red from lack of sleep. And yes, there is another danger for business. That it has been fooled (simply fooled, not cut) at some point by the new “grandmother”. Or is this already the norm, and it is simply impossible to understand “gnawing another carrot”?

Source: https://habr.com/ru/post/171501/
