Re: Need security advice from Admins at Software Development companies

From: Ray (replyhere_at_newsgroup.only)
Date: 10/18/05 

Date: Tue, 18 Oct 2005 11:59:13 -0400

Inline.

> 1. The developer to control the company's copies of Visual Studio and
other
> packages so they (the Developer) can install where ever they see fit.

Can your company afford a six-digit voluntary fine to avoide federal
prosecution?
http://www.bsa.org/usa/press/newsreleases/Software-Watchdog-Collects-Record-Settlement.cfm

IT holds ALL install media in a locked room, no exceptions.

> 2. The developer be allowed to download and install any software they want
> off the Internet unrestricted.

ALL of our developers are only granted Restricted user (XP standard user)
rights on their computer. If their tools require elevated rights, only those
files and folders are granted those rights. They simply cannot install
anything they download.

> 3. When a developer writes a program for use internally do they
(Developer)
> get to be Admins of any computer that uses their in-house package or do
they
> have to use the test lab.

Modern software must run properly as a Restricted user/Standard user. If the
developers run as local admins on their computers or others, they may not be
thoroughly testing the software.

Eventually it has to be installed in a live environment for testing.

> 4. Do they get to distribute their in-house developed packages on the fly
> without providing any proof that it has been tested.

"tested" is subjective.

> 5. Are the developers allowed to send out copies of software developed
under
> the company's name without restriction.

If your policy allows it and the lawyers have signed off on it, sure.

Relevant Pages

  • Re: How to make application work on Symbol MC3000?
    ... My applications would work on a Symbol MC9000 and Dell Axim running ... their SDK and it solved the problem. ... Developer Kit for .Net v1.2. ... install the application on the device so it will run properly. ...
    (microsoft.public.dotnet.framework.compactframework)
  • ssh preinst script returns exit status 10
    ... Yesterday I was using dselect to update my system (unstable packages). ... dselect from installing the last few packages, which included ssh. ... When "apt-get --reinstall install ssh" didn't work, ... debconf (developer): frontend started ...
    (Debian-User)
  • Re: ActiveTcl unbundling
    ... consistent set of packages. ... clueless user being able to install Tcl with the necessary extensions. ... The developer can't know what the user has in his or her current ...
    (comp.lang.tcl)
  • Re: Still Getting Runtime Error Message
    ... To Check References, did you go to Modules then Tools References? ... an add in supplied with my developer ed that makes this easy. ... > software, install ... even testing over and over on a test mule is not ...
    (microsoft.public.access.devtoolkits)
  • Re: App for Windows 98?
    ... can get just the Developer Edition for Office XP, ... Windows XP, but I'm getting requests to produce a version that will ... a2000 format (note that the default format for a2003 is in fact ... You can use sagekey to build a install here...but sagkey changes ...
    (microsoft.public.access.gettingstarted)