der Mouse wrote: >> The vast majority of IT executives are unfamiliar with all of the >> principles of security, firewalls, coding, whatever. >> > ... > >> The important thing to understand is that such principles are below >> their granularity; the[y] are *right* to not care about such >> principles, because they can't do anything about them. >> > Perhaps - but then, they have to stop second-guessing the people who > *do* know what they're talking about. Trying to have it both ways - > management that is inexpert but nevertheless imposes their opinions on > design or buying decisions - is a recipe for disaster, and, while > hardly universal, is all too common. > I submit that really *good* managers do listen to the experts around them. That is really basic to good management; surround yourself with experts, and then listen to them.
Of course there's lots of bad managers, because managing is so subjective that bad managers find it easy to survive. Measuring the quality of management is about as difficult as measuring the quality of software. > I've never understood why it is that managers who would never dream of > second-guessing an electrician about electrical wiring, a construction > engineer about wall bracing, a mechanic about car repairs, will not > hesitate to believe - or at least act as though they believe - they > know better than their in-house experts when it comes to what computer, > especially software, decisions are appropriate, and use their > management position to dictate choices based on their inexpert, > incompletely informed, and often totally incompetent opinions. (Not > just security decisions, either, though that's one of the cases with > the most unfortunate consequences.) > Because the kind of personality that seeks to become a manager is a self-important arrogant snot, myself included :) It thus takes conscious effort to listen to the opinions of others, and let them win when they have a persuasive argument. Even more simple: this trait of believing your own opinions more than those of others is nearly universal in humans. Managers simply have the power to indulge themselves, and only occasionally have the wisdom to *not* indulge themselves. Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin CEO, Mercenary Linux http://mercenarylinux.com/ Itanium. Vista. GPLv3. Complexity at work _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________