And who's going to enforce this? Something to consider, this could mean
that you could face criminal charges if you stated that your network was
secure and an independent audit team belonging to the DOJ proved
otherwise - that'd land a lot of execs in jail (including Gates). Want
to get your CEO put in jail? Just open up that telnet port.
LOL. And more, who would do the audit? I've seen _far_ more audit
reports that aren't worth shit than reports that come close to being
reasonable. Maybe it would make better sense to require such companies
to publisize their security incidents; enable the shareholders to draw
their own conclusions. Not that it would change anything of course;
MicroSoft security status being not particularly secret.
http://www.computerworld.com/securitytopics/security/story/0,10801,86455,00.html?nas=PM-86455
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
