In <[EMAIL PROTECTED]>, on 11/02/2005 at 02:06 PM, Walt Farrell <[EMAIL PROTECTED]> said:
>I'm not sure I understand how you would expect an auditor to be able >to verify that a vendor hadn't shipped a trojan horse. You really >want all the auditors visiting all the vendors and personally >inspecting all the code? Why not? If they're concerned enough to visit the vendors and inspect the AC(1) code, then why shouldn't they be concerned enough to inspect the unprivileged code? -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see <http://patriot.net/~shmuel/resume/brief.html> We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html