In <[EMAIL PROTECTED]>, on 11/01/2005 at 02:29 PM, "Patrick O'Keefe" <[EMAIL PROTECTED]> said:
>I suppose an auditor might be trained to ask "Does the vendor say >these modules have to be in an authorized library?" and pass the >question to the vendor only if the answer is "Yes". That's reasonable if the auditor is incompetent. If the auditor is good then I'd want him to ensure that the vendor doesn't have any trojan horses in the software that my users are calling. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see <http://patriot.net/~shmuel/resume/brief.html> We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html