> Certainly, but it really depends on how security-aware those sysadmins are. > Here, a security team is necessary to lay the LART upon the heads of those > ubiquitous non-IT engineers who have been given sysadmin powers and who > haven't a clue about security. It means when I discover a gaping hole in > someone's project I don't have to waste my time wielding the LART.
> Greg Oh yeah! And when did you discovered the last security hole in a vendor's application, say Oracle? Would you really blame the sysadmin? Did you advised the corporate management to through out a SAP/PeopleSoft application because you can see hole in their application(s)? Or you talking here about perimeter security, like opening a port on one the firewalls? Ioan