
BLU Discuss list archive


The Myth of Open Source Security

Jesse Noller wrote:
> It is the designer's/admin's responsibility to check
> these sites for possible vulnerabilities of the software he/she is
> installing. To make the excuse "I don't have the time" or "the vendor should
> have given me the patch" is, in and of itself, a denial of responsibility
> (what I call the DoR attack, commonly found in extremely large
> corporations).

Also the corporation's responsibility to ensure that resources are
allocated to deal with these matters.  It's not fair to place the entire
burden on system administrators, who, as I'm sure many can attest, are
often overworked and fiscally shortchanged.

Make sure you clearly articulate your security (and other) concerns to
your corporate officers.  And tell them what resources you require to
deal with these concerns.  It's any systems administrator's burden to
make sure their employers are adequately educated.  It is then the
employer's burden to prioritize the allocation of resources.  Ideally,
we would all just see a problem and solve it.  Unfortunately, sometimes
you also have to just make sure you cover your ass.


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
