In <[EMAIL PROTECTED]>, on 11/02/2005 at 02:15 PM, "Patrick O'Keefe" <[EMAIL PROTECTED]> said:

>Unless I misunderstand what you said, I think we're saying about the
>same thing.

No.

>But if the vendor *does* require an authorized library then the
>auditor might want to approach the vendor.

If the auditor does not trust the vendor, then inspecting the AC(1) code is a half measure. An unauthorized program can still alter and copy user data in order to sabotage or steal them.

--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO position; see <http://patriot.net/~shmuel/resume/brief.html>
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)