-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mr Berry,
Please excuse the delay; I have been on business between multiple states
I do not necessarily disagree with your remark that Open Source code
(GNU Licensed) is inherently flawed or insecure nor do I disagree with
your rebuttal example of qmail in a general sense. But, if you take
my response in its totality (to your original request for information)
it is correct. I also understand your intent of this posting as to try
and generate a specific response to a question that exists in many Security
Professionals discussions. (What is the worst app)
Let me amplify further on my response:
1. Baselines are determined through sound Configuration Management.
2. Applications that have been applied or requested to be added to a
baseline via Configuration Management processes are Certified and Accredited
(C/A). (C/A includes the corporate security policy applicability and
effects, security test and eval, contingency planning, risk acceptance
and mitigation, lifecycle etc....)
3. All is determined through excepted Risk (Management decides not the
users). This is a business case as well as a securty issue.
4. Configuration Management is applied to policy and users follow policy
(At least they are required to: (Sarcastic))
In a nutshell, the sign on you’re would say: You are not allowed to install
any application. Contact your SysAdmin or CSO for more information.
Please excuse the truncation of my response. If you would like further
elaboration please let me know.
Beer is good........
Take Care,
Ron Mehring
Information Assurance Specialist
Snip>>>Your response>>>>
>From: <[EMAIL PROTECTED]>
>I recommend the following be identified as the most insecure:
>
>1. Freeware
>
>2. Shareware
I fail to see how the license can make software insecure, qmail is free
as
in beer, yet is very secure.
Snip>>>My Post>>>>
I recommend the following be identified as the most insecure:
1. Freeware
2. Shareware
3. Software\Hardware that bypasses security boundry [enclave] protection
4. Anything not on the company application/hardware baseline {Certified
and Accrediated}.
By the way,
Wireless Networks when properly implemented can be made extremly secure.
But must be managed.
Take Care,
Ron Mehring
Information Assurance Specialist
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3
wkYEARECAAYFAj8PO/sACgkQWK2PgP0JMmpmtgCeNXb7Wk0O558o3OU4RaSwGZ0OEY8A
n1SYUI7ejmGcsh5LkD0Oq2wcLxgf
=pS3j
-----END PGP SIGNATURE-----
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434
Promote security and make money with the Hushmail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
