In <[EMAIL PROTECTED]>, on 11/02/2005
at 02:06 PM, Walt Farrell <[EMAIL PROTECTED]> said:
>I'm not sure I understand how you would expect an auditor to be able
>to verify that a vendor hadn't shipped a trojan horse. You really
>want all the auditors visiting all the vendors and personally
>inspecting all the code?
Why not? If they're concerned enough to visit the vendors and inspect
the AC(1) code, then why shouldn't they be concerned enough to inspect
the unprivileged code?
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO position; see <http://patriot.net/~shmuel/resume/brief.html>
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
