On Sat, Oct 26, 2013 at 3:47 PM, <[email protected]> wrote:
> One major flaw in your example is that as a system administrator,
> it's not your job to dig through every line of the web application
> to see if it is following best practices.
>
Not what I meant nor what I thought I said.
Your responsibility would be to maintain the *system* in a manner that is
in keeping with current standards and practices. i.e. Are users forced to
change passwords on a regular period? Are passwords run through security
checkers to make sure that they adhere to a known standard of security? Are
unnecessary daemons and processes locked down/turned off, etc., etc., etc.
Should the exploit vector be something one of the developers did, it will be
out of the SA's purview and they won't be liable/responsible for the problems.
The point was *intended* to be that unless the companies who are using SAs
feel a financial impact, they won't consider it anything more than a
glorified hobby.
--
<< MCT >> Michael C Tiernan.
http://www.linkedin.com/in/mtiernan
Non Impediti Ratione Cogatationis
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/