| ...I've never understood why it is that managers who would never dream
| of second-guessing an electrician about electrical wiring, a
| construction engineer about wall bracing, a mechanic about car
| repairs, will not hesitate to believe - or at least act as though they
| believe - they know better than their in-house experts when it comes
| to what computer, especially software, decisions are appropriate, and
| use their management position to dictate choices based on their
| inexpert, incompletely informed, and often totally incompetent
| opinions.  (Not just security decisions, either, though that's one of
| the cases with the most unfortunate consequences.)
This is perhaps the most significant advantage to licensing and other
forms of official recognition of competence.  At least in theory, a
licensed professional is bound by an officially-sanctioned code of
conduct to which he has to answer, regardless of his employment chain
of command.

In reality, of course, things are not nearly so simple, along many
dimensions.  Theory and practice are often very different.  However ...
the next time you run into a situation where you are forced into
a technically bad decision because some salesman took a VP to a nice
golf course - imagine that you could pull down some official regulation
that supported your argument.  The world has many shades of gray....

                                                        -- Jerry
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.

Reply via email to