| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Mar 2005 16:47:14 -0500
From: Derek Martin <code@...zashack.org>
To: bugtraq@...urityfocus.com
Subject: Re: [ISN] How To Save The Internet
On Wed, Mar 23, 2005 at 11:24:14AM -0500, Arndt.WA@...ces.gc.ca wrote:
> > Nonsense. Absurd, ridiculous nonsense.
> >
> > There is only one party who has any say over what code gets
> > executed by a CPU: the owner of that physical property.
> >
> > Everyone else can go fly a kite.
>
> Hold on. If you're dealing with a large company or government
> department, who "physically owns" the computer in question,
> you can't tell me that they're going to micromanage exactly
> what goes on with that system. They'll delegate the authority
> off to someone who'll actually run the equipment. That sounds
> like an "*operator* of the CPU" to me...
But the operator, in his professional capacity, is acting as an agent
of the corporation, and has a legal and professional obligation to
make decisions based on what the company has outlined in its policy.
That is, insomuch as he may decide what can or can't be run, he's
acting with the authority of the company, and on behalf of the
company. In other words, for purposes of deciding what is being run
on the computer, he IS the company.
Many operators are not in a position to make such decisions. Their
job is only to see that the company's assets are being used in
accordance with company policy. Failure to do so CAN result in
termination (even if it usually doesn't)...
--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists