Michael Tiernan made the following keystrokes:
>Not what I meant nor what I thought I said.
>......
>Should the exploit vector be something one of the developers did it will be
>out of the SA's purview and they won't be liable/responsible for the problems.
>
>The point was *intended* to be that unless the companies who are using SAs
>feel a financial impact, they won't consider it anything more than a
>glorified hobby.

I can see/saw your viewpoint. Hopefully having a "professional" SA does not provide a scapegoat for all the others to point to and indicate it's that position's fault the data escaped. This may also become the default point of blame until "proven" otherwise.

Now you really get into drawing boundaries around what the SA does, what they can and can't touch or even advise on. As the SA, if you give advice to the web developers on some app issues, you may be assuming responsibility. This is why most doctors and lawyers refuse to give advice to non-clients. It opens the door to liability issues. I don't want to be one of those early adopters of that kind of reality. Stepping outside the defined boundaries to look at something new may not be allowed without a really well defined set of test cases, etc.

IF there is going to be something to cause places to pay attention to SA as a profession, my feeling is there are many others they will need to include in that set as well. Web developers, App developers, db, .....

  /~\  The ASCII         Gene Rackow                 email: [email protected]
  \ /  Ribbon Campaign   Cyber Security Office       voice: 630-252-7126
   X   Against HTML      Argonne National Lab
  / \  Email!            9700 S. Cass Ave. / Argonne, IL 60439
