Re: [fw-wiz] concerning ~el8 / project mayhem

From: Anton J Aylward, CISSP (aja@si.on.ca)
Date: 08/21/02


From: "Anton J Aylward, CISSP" <aja@si.on.ca>
To: firewall-wizards@honor.icsalabs.com
Date: Wed Aug 21 12:16:17 2002

On Wed, 2002-08-21 at 11:28, Barney Wolff wrote:
> Why on earth even spend time debating whether config reviews or scans
> are better? It's equivalent to debating whether structured walkthroughs
> or testing work better to find software flaws.

Because most organizations are only willing to commit a limited amount
of resources, time and effort to "design" and "testing", no matter what
the proof that paying up front is many times more cost effective than
having to pay down the road.

The corporate agenda is rarely the agenda of the technical experts.
Often the criterion is "how many lines of code have you written today"
against some arbitrary rate chart, rather than something more
meaningful. This is one reason I don't work for shops that grind out
code anymore.

/anton

-- 
It is against the grain of modern education to teach children to program.
What fun is there in making plans, acquiring discipline in organizing
thoughts, devoting attention to detail, and learning to be self-critical?
		-- Alan Perlis