David E. Ross wrote: > On 1/3/2009 6:51 PM, Ian G wrote: >> It was written: >>> But aren't auditors the eye of the public performing and recording those >>> operations? >> >> That's one theory. Here is another: Who is the client of the auditor? >> The auditor has a duty to the client that (arguably) outweighs the >> duty to anyone else. >> >> You might not agree to the above characterisation. But, try this test: >> can you draw a line from the auditor to the public? >> > > The line from auditor to the public has been drawn in the courts, where > lawsuits against auditors by investors injured by corporate fraud have > been successful.
But unfortunately this likely does not apply to IT security audits. Ciao, Michael. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto