George Capehart wrote:
Yes, assuming management cares . . . and that's *my* broken record . . .
:)
If the tone of my comments was a bit harsh, it is most emphatically not
intended to be directed at your thoughts. It is only because of my
intense frustration with the situation. When Management
I've been trying to get IT Auditors and the Audit community in general to apply
the same due diligence to operating systems (infrastructure or general controls)
that they apply to applications systems testing.
I'm not aware of anyone in the IT Audit community doing OS audits - to verify
that
FYI this is part of a notice that went out to financial institutions
recently.
Complete Financial Institution Letter:
http://www.fdic.gov/news/news/financial/2004/fil12104.html
Highlights:
Management is responsible for ensuring that commercial off-the-shelf
(COTS) software packages and
Changing liability laws on the other hand is a simple solution.
But at what price? It would kill off open source completely, as far as
I can see, in the jurisdiction(s) in question. (How many open source
projects could afford to defend a liability suit even if they (a)
wanted to and (b) had a
I have to say I find your comparison between bridge engineers and software
engineers rather troubling.
In response to your question:
'Would you accept it was too hard to do a stress analysis from the
engineer designing a bridge?'
I think, regrettably, we probably would do these days.
Subject: Re: [SC-L] How do we improve s/w developer awareness?
Date: Thu, 2 Dec 2004 12:52:35 -0800
List-Id: Secure Coding Mailing List sc-l.securecoding.org