[Fwd: Re: [fw-wiz] Code review/audit and/or version control]

From: George Capehart (capegeo@opengroup.org)
Date: 07/24/02


From: George Capehart <capegeo@opengroup.org>
To: firewall-wizards@honor.icsalabs.com
Date: Wed Jul 24 08:30:02 2002

Sorry, I hit reply instead of reply all . . .

-------- Original Message --------
Subject: Re: [fw-wiz] Code review/audit and/or version control
Date: Wed, 24 Jul 2002 10:07:15 +0800
From: George Capehart <capegeo@opengroup.org>
To: Joseph S D Yao <jsdy@center.osis.gov>
References: <3D3BCFC5.9CAC75C4@opengroup.org>
<200207221546.LAA14068@fw1-b.osis.gov> <3D3CB7D7.C830F6DD@opengroup.org>
<20020723110454.C2747@washington.center.osis.gov>

Joseph S D Yao wrote:
>
> On Tue, Jul 23, 2002 at 09:56:39AM +0800, George Capehart wrote:
> > created. What I'm concerned about here is a breakdown in process . . .
> > not a valid reason to roll back a change . . .
>
> Then ISTM that that is at least as much a matter of properly training
> the coder/programmer/software engineer users as it is a technical
> matter ... perhaps much more or entirely so. By definition, no process
> can cope with a human breakdown in the process. Eh? ;-)

<rant>
You're *absolutely* correct! This is what I'm getting at! IMHO, the
breakdown of process is a management problem. There's a little more to
the issue than just being sure coder/programmer/engineers are well
trained . . . (That in itself is a management problem; rather a problem
with management). ;-) I personally place the burden of "correctness,"
"quality" and "security" on management and the execution of appropriate
process . . . however one wants to define "correctness," "quality" and
"security." It seems to me that, in the end, all of those "esses" and
"ies" exist as parts of an organization's risk management process.
(That's a long discussion that's much better had over a bottle or two of
wine). If it is important to the (managers of an) organization to
manage the costs and risks associated with the lack of those "esses" and
"ies," processes will be put in place and enforced, employees will
receive the training they need and policies will be defined and
enforced. If those things are not important to the (managers of the)
organization, they will be given lip service or ignored. I *don't*
believe these are technical problems at all. AFAIAC, they're purely
management problems . . .
</rant>

>
> --
> Joe Yao jsdy@center.osis.gov - Joseph S. D. Yao
> OSIS Center Systems Support EMT-B
> -----------------------------------------------------------------------
> This message is not an official statement of OSIS Center policies.


