13Oct2009 (UTC +8)

A proper evaluation and assurance undertaking, with a very good IT product auditor, can catch corrupt programmers.

The problem is when the higher-ups, or the management, allow the corruption. It becomes even worse still when the buyer of the IT product is corrupt as well. By then, *all* hope of preventing corruption is dead.

On Mon, Oct 12, 2009 at 18:14, Danny Ching <[email protected]> wrote:
> Opening the source code gives us a better chance to catch that. May
> not be 100%. But better than nothing.
>
> On Oct 12, 2009, at 6:11 PM, Oscar Plameras <[email protected]>
> wrote:
>
>> Then, you have a corrupt programmer.
>>
>> There's nothing you can do when there's a programmer in your team who
>> is corrupt.
>>
>> This is a project management issue and not a systems issue that is
>> properly dealt with before and during the development.
>>
>> On Mon, Oct 12, 2009 at 9:06 PM, Danny Ching <[email protected]>
>> wrote:
>>> Allow me to clarify. Assume that I pay the programmer to order the
>>> computer to double votes to Danny if there is a candidate named Juan
>>> De la Cruz, will simulation catch that? What if the trigger is a name
>>> that says fhrbdudnejd. Will that scenario be tested? There is no way
>>> to see that with simulation. Not unless you know what you are looking
>>> for. Source code review will expose that.

Drexx Laggui -- CISA, CISSP, CFE Associate, ISO27001 LA, CCSI, CSA
http://www.laggui.com ( Singapore / Manila / California )
Computer forensics; Penetration testing; QMS & ISMS developers; K-Transfer
PGP fingerprint = 6E62 A089 E3EA 1B93 BFB4 8363 FFEC 3976 FF31 8A4E
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
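The scenario from the quoted 9:06 PM message, as an added example that is not part of the original thread: a constructed tally routine with a planted name trigger passes a randomized black-box simulation, while a simple source scan for hard-coded names in the counting logic flags it. The function names, the candidate list and the AST heuristic are assumptions made for illustration (Python 3.9+).

```python
import ast
import random
from collections import Counter

# Constructed sample: counting code with a planted trigger (the name quoted in the thread).
SAMPLE_SOURCE = '''
def tally(ballots):
    counts = {}
    for name in ballots:
        counts[name] = counts.get(name, 0) + 1
    if "fhrbdudnejd" in counts and "Danny" in counts:
        counts["Danny"] *= 2
    return counts
'''

def load_tally(source):
    """Execute the sample source and return its tally() function."""
    namespace = {}
    exec(compile(source, "<sample>", "exec"), namespace)
    return namespace["tally"]

def simulation_passes(tally, candidates, rounds=200, seed=1):
    """Black-box check: random ballots, compared against an independent count."""
    rng = random.Random(seed)
    for _ in range(rounds):
        ballots = [rng.choice(candidates) for _ in range(rng.randint(1, 500))]
        if tally(ballots) != dict(Counter(ballots)):
            return False
    return True

def review_findings(source):
    """Source check: string literals that counting code compares against or indexes by."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Compare):
            operands = [node.left, *node.comparators]
        elif isinstance(node, ast.Subscript):
            operands = [node.slice]  # Python 3.9+: the index expression itself
        else:
            continue
        for op in operands:
            if isinstance(op, ast.Constant) and isinstance(op.value, str):
                findings.add((op.lineno, op.value))
    return sorted(findings)

if __name__ == "__main__":
    tally = load_tally(SAMPLE_SOURCE)
    # Constructed candidate list; the trigger name never appears in test data.
    print(simulation_passes(tally, ["Danny", "Juan De la Cruz", "Maria Santos"]))
    print(review_findings(SAMPLE_SOURCE))
```

Counting code has no reason to mention any specific candidate, so every literal the scan reports is a line for a human reviewer to read.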

