Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

The Myth of Open Source Security

> Also the corporation's responsibility to ensure that resources are
> allocated to deal with these matters.  It's not fair to place 
> the entire
> burden on system administrators, who, as I'm sure many can attest, are
> often overworked and fiscally shortchanged.

This I totally understand, which is why, working for a proprietary software
company, as a security engineer, i dedicate many, many hours to evaluating
possible security holes and creating fixes ASAP. I remember what it was like
on the other end of the barrel, that problem is, many times the error does
fall with other vendors, and they are not totally dedicated in helping out
the end-users and administrators. 

But noone said this was a perfect world.
> Make sure you clearly articulate your security (and other) concerns to
> your corporate officers.  And tell them what resources you require to
> deal with these concerns.  It's any systems administrator's burden to
> make sure their employers are adequately educated.  It is then the
> employer's burden to prioritize the allocation of resources.  Ideally,
> we would all just see a problem and solve it.  Unfortunately, 
> sometimes
> you also have to just make sure you cover your ass.

Correct, you hit the nail on the head. =]

Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at (Subject line is ignored).

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /