Open Source and information security mailing list archives
 
Message-ID: <200309291055.43596.capegeo@opengroup.org>
From: capegeo at opengroup.org (George Capehart)
Subject: Soft-Chewy insides (was: CyberInsecurity: The cost of Monopoly)

On Monday 29 September 2003 08:23 am, Michael Scheidell wrote:

<snip>

>
> These fines and jail time will directly target the C/Board level, and
> only indirectly affect the security teams (they may lose their jobs
> when the company they work for goes bankrupt)
>
> It's only a matter of time before the lawyers finish up with big
> tobacco and move on to SARBOX/HIPAA and GLBA work.
>
> > My $0.02.
>
> I'll see you that .02/c and raise you 5 million dollars (the Maximum
> fine under SARBOX)

<cynical grin>  Would that that would really help.  I guess maybe in the 
long run it might, but I'm not holding my breath.  There's still the 
small matter of connecting cause with effect and then implementing a 
program that will function appropriately at all levels of the 
organization.  I'll bet a dozen Krispy Kremes that the response of many 
Boards and C-level officers will be a knee-jerk "Off with their heads" 
followed by a return to business as usual.  It's a lot easier to offer 
up a sacrificial lamb than it is to change corporate culture . . . But 
it will certainly be interesting to follow . . .  ;-)

Regards,
-- 
George Capehart

capegeo at opengroup dot org

PGP Key ID: 0x63F0F642		http://pgp.mit.edu
Key fingerprint:  BE7A 9A4A 6A8F 363A BAC5  4866 631B B2F6 63F0 F642

"It is always possible to agglutenate multiple separate problems into a
 single complex interdependent solution.  In most cases this is a bad
 idea.  -- RFC 1925

