On Wed, 5 Sep 2007, [EMAIL PROTECTED] wrote:
The benefit of lowering it from N to N*0.95 needs to outweigh the costs of the care and feeding of said beast.
Wait, you mean that "security" is an economic good, with costs (direct and opportunity) and benefits that must be balanced!?! What a concept! Unfortunately, a concept TOO COMPLEX for the average manager (much less CX0-leveler) to understand.

Why, just last Wednesday, I was informed that Sarb-Ox demands that all source code files sport an elaborate, COBOL-style "flowerbox" full of irrelevant, and possibly uninformative details about work sets and dates and modifier-IDs. Now, there's some make-work I can get behind, since Sarb-Ox *doesn't* demand that developers put in any comments on file check-in to the version control system, nor do we have to tie a check-in to a change request or other requirement. Nevertheless, THE FLOWERBOX IS REQUIRED, costs be damned.

That's what a manager can understand, the 3 Great Traditions of Sarbanes Oxley: Rum, Requirements and The Lash.

PS Will sarcastic and/or sardonic humor make it "fun" enough, or is the low information content and context-dependency of said sarcasm or sardony not enough to clear the High Hurdle of "fun"sec?

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.