In <[EMAIL PROTECTED]>, on 11/01/2005
at 02:29 PM, "Patrick O'Keefe" <[EMAIL PROTECTED]> said:
>I suppose an auditor might be trained to ask "Does the vendor say
>these modules have to be in an authorized library?" and pass the
>question to the vendor only if the answer is "Yes".
That's reasonable if the auditor is incompetent. If the auditor is
good then I'd want him to ensure that the vendor doesn't have any
trojan horses in the software that my users are calling.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO position; see <http://patriot.net/~shmuel/resume/brief.html>
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
