On Fri, 23 Mar 2001, Derek D. Martin wrote:
>> I believe Bruce Schneier said it best when he said " Anyone who believes
>> that reactionary security measures are sufficient is either ignorant,
>> blind, or management".
>
> This is both humerous and well-said, but belies the real problem.
> Management falls into the same category as the poor newbie playing with
> their first free U*ix distro.
Not always. There have been plenty of times when Management was told what
was going on. The admins informed. They reported. They requested. They
argued. They begged, pleaded, ranted, raved, you name it. But Management
still said No, because it would Cost Too Much or Take Too Long. Then the
system was hacked, and the admins fired, while the managers promised the
customers that It Could Never Happen Again. And then the new admins
informed...
If you don't think this sort of thing is a problem, go ask Francis Scobee,
Michael Smith, Judith Resnik, Ellison Onizuka, Ronald McNair, or Gregory
Jarvis. Or Christa McAuliffe, for that matter. The Space Shuttle Challenger
blew up because someone made a "management decision" to launch, despite the
fact that the engineers were telling them not to.
If Management will play games with people's *LIVES* just to make sure some
media event goes off on time, don't you think they'll ignore something as
boring and mundane as security patches?
"We have to make a management decision."
-- Jerry Mason, General Manager, Morton Thiokol, January 27, 1986
--
Ben Scott <[EMAIL PROTECTED]>
Net Technologies, Inc. <http://www.ntisys.com>
Voice: (800)905-3049 x18 Fax: (978)499-7839
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
