-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mr Berry,
Please excuse the delay; I have been on business between multiple states I do not necessarily disagree with your remark that Open Source code (GNU Licensed) is inherently flawed or insecure nor do I disagree with your rebuttal example of qmail in a general sense. But, if you take my response in its totality (to your original request for information) it is correct. I also understand your intent of this posting as to try and generate a specific response to a question that exists in many Security Professionals discussions. (What is the worst app) Let me amplify further on my response: 1. Baselines are determined through sound Configuration Management. 2. Applications that have been applied or requested to be added to a baseline via Configuration Management processes are Certified and Accredited (C/A). (C/A includes the corporate security policy applicability and effects, security test and eval, contingency planning, risk acceptance and mitigation, lifecycle etc....) 3. All is determined through excepted Risk (Management decides not the users). This is a business case as well as a securty issue. 4. Configuration Management is applied to policy and users follow policy (At least they are required to: (Sarcastic)) In a nutshell, the sign on you’re would say: You are not allowed to install any application. Contact your SysAdmin or CSO for more information. Please excuse the truncation of my response. If you would like further elaboration please let me know. Beer is good........ Take Care, Ron Mehring Information Assurance Specialist Snip>>>Your response>>>> >From: <[EMAIL PROTECTED]> >I recommend the following be identified as the most insecure: > >1. Freeware > >2. Shareware I fail to see how the license can make software insecure, qmail is free as in beer, yet is very secure. Snip>>>My Post>>>> I recommend the following be identified as the most insecure: 1. Freeware 2. Shareware 3. Software\Hardware that bypasses security boundry [enclave] protection 4. Anything not on the company application/hardware baseline {Certified and Accrediated}. By the way, Wireless Networks when properly implemented can be made extremly secure. But must be managed. Take Care, Ron Mehring Information Assurance Specialist -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAj8PO/sACgkQWK2PgP0JMmpmtgCeNXb7Wk0O558o3OU4RaSwGZ0OEY8A n1SYUI7ejmGcsh5LkD0Oq2wcLxgf =pS3j -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------