begin quoting Todd Walton as of Sun, Jun 15, 2008 at 09:21:15AM -0500: > On Sun, Jun 15, 2008 at 4:33 AM, James G. Sack wrote that Bruce Schneier > wrote: > > ..solution is not to sell security directly, but to include it as part > > of a more general product or service. Your car comes with safety and > > security features built in; they're not sold separately. Same with your > > house. And it should be the same with computers and networks. Vendors > > need to build security into the products and services that customers > > actually want. CIOs should include security as an integral part of > > everything they budget for. Security shouldn't be a separate policy for > > employees to follow but part of overall IT policy. > > But that only works so far as security can be canned up and put into a > product. There's an element of security that requires someone to stop > and think about it.
Oh, that's what process is for. We'll hire a bunch of junior folks, and we'll hand them five three-inch binders, and they'll come up with a solution, all according to the certified process. -- Nothing could go wrong! Stewart Stremler -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
