[BBLISA] Quick Poll: Would you trust system software from an anonymous source?

Dean Anderson dean at av8.com
Fri Feb 26 12:19:18 EST 2010


By anonymous, I mean a source that traces only to an email address with
no phone number, no address, no anything.  Not even a significant
history of email from that account.  This source has no accountability,
because they are anonymous.

By 'System software' I mean software whose integrity a company relies on
to perform its functions. If the software were remotely exploitable, it
could potentially result in remote access being obtained, and/or
confidential information being exposed, firewall being circumvented, etc.

Here are the specific questions:

1. Would you trust (meaning use) system software from an anonymous
source?

2. Would the fact that the software is a derivative of well known
software, but with apparently gratuitous "security fixes": would that
increase or decrease your willingness to trust the software?

3. Would the fact that source implements a variation of discredited
changes advocated by gray-hat or black-hat hackers increase or decrease
your willingness to trust the software?

3. Would you consider it a bad judgment to use such software knowing (1)
for sure, and perhaps (2) and (3)?  How serious is the bad judgment?

4. Would it be reasonable to fire the admin responsible if they knew of
(1), and perhaps (2), and (3), but used it anyway?

5. Does the reasonableness of termination depend on actually knowing
(1)? That is, supposing the admin didn't know (1), should the admin have
made an effort to find out if the software was from a dependable (or at
least accountable) source?


Please reply off list.

Thanks,

		--Dean




-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 256 5494



