On Tue, 19 Jul 2016 22:13:00 -0400 Steve Kinney <ad...@pilobilus.net> wrote:
> Bridging the trust gap between the IT community and the US government
> is already a done deal, because there has never been one. The U.S.
> government funded and directed the creation of the IT industry.

^^^ quoted for truth

> The U.S. government has not alienated the IT community: It has
> shielded this community from liability for fraudulent performance
> claims, fed it billions of dollars of annual revenue, and given
> Fortune 500 IT corporations nearly full control of government policy
> affecting those same corporations.

so called patents and copyrights, i.e. government privileges, play a fundamental role too.

> Mandate security evaluations based on performance and design metrics
> for all software (and firmware) purchased for use by government
> agencies and departments.

You do get a good amount of statist pig points for that one. Actually, the government must stop buying stuff and must start giving back all the money they stole.

>
> Mandate reporting of security incidents by every government activity,
> and every commercial enterprise with a State or Federal tax ID,

So yeah, statist bullshit.

> Direct the Federal Communication Commission to conduct and annually
> review studies on the privacy impacts,

And even more statist bullshit.

And of course I now have to ask. First you correctly explain the relationship between the 'industry' and the state and then expect the state to regulate it? What?

> See above. A durable commitment of all necessary resources to assure
> that the measures suggested in response to query 2 are effectively
> implemented would create and sustain rational, constrained trust
> relationships affecting all those aspects of "cybersecurity" which are
> properly the government's business.

So yeah, statist pig.
>
> A practicable proposal would be one that is within the scope of public
> policy authorities and industry capabilities: Vendors who assert that
> requirements are "impossible" or simply refuse to comply will be
> replaced by vendors who are ready to step forward and meet any
> challenges presented. Solutions to many of today's most serious and
> widespread network security failures are already available as off the
> shelf products from vendors with excellent security track records.

such as?