The Myth of Open Source Security
Ron Peterson
rpeterson at yellowbank.com
Thu Jun 1 11:03:51 EDT 2000
Jesse Noller wrote:
>
> It is the designer's/admin's responsibility to check
> these sites for possible vulnerabilities of the software he/she is
> installing. To make the excuse "I don't have the time" or "the vendor should
> have given me the patch" is, in and of itself, a denial of responsibility
> (What I call the DoR attack, commonly found in extremely large
> corporations).
Also the corporation's responsibility to ensure that resources are
allocated to deal with these matters. It's not fair to place the entire
burden on system administrators, who, as I'm sure many can attest, are
often overworked and fiscally shortchanged.
Make sure you clearly articulate your security (and other) concerns to
your corporate officers. And tell them what resources you require to
deal with these concerns. It's any systems administrator's burden to
make sure their employers are adequately educated. It is then the
employer's burden to prioritize the allocation of resources. Ideally,
we would all just see a problem and solve it. Unfortunately, sometimes
you also have to just make sure you cover your ass.
-Ron-