In <[EMAIL PROTECTED]>, on 11/02/2005
at 02:15 PM, "Patrick O'Keefe" <[EMAIL PROTECTED]> said:
>Unless I misunderstand what you said, I think we're saying about the
>same thing.
No.
>But if the vendor *does* require an authorized library then the
>auditor might want to approach the vendor.
If the auditor does not trust the vendor, then inspecting the AC(1)
code is a half measure. An unauthorized program can still alter and
copy user data in order to sabotage or steal them.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO position; see <http://patriot.net/~shmuel/resume/brief.html>
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
