[BBLISA] Quick Poll: Would you trust system software from an anonymous source? (take2)
Dean Anderson
dean at av8.com
Fri Feb 26 12:51:31 EST 2010
Oops. Renumbered:

By anonymous, I mean a source that traces only to an email address with
no phone number, no address, no anything. Not even a significant
history of email from that account. This source has no accountability,
because they are anonymous.

By 'System software' I mean software whose integrity a company relies on
to perform its functions. If the software were remotely exploitable, it
could potentially result in remote access being obtained, and/or
confidential information being exposed, firewall being circumvented, etc.

Here are the specific questions:
1. Would you trust (meaning use) system software from an anonymous
source?
2. Would the fact that the software is a derivative of well known
software, but with apparently gratuitous "security fixes": would that
increase or decrease your willingness to trust the software?
3. Would the fact that the source implements a variation of discredited
changes advocated by gray-hat or black-hat hackers increase or decrease
your willingness to trust the software?
4. Would you consider it a bad judgment to use such software knowing (1)
for sure, and perhaps (2) and (3)? How serious is the bad judgment?
5. Would it be reasonable to fire the admin responsible if they knew of
(1), and perhaps (2), and (3), but used it anyway?
6. Does the reasonableness of termination depend on actually knowing
(1)? That is, supposing the admin didn't know (1), should the admin have
made an effort to find out if the software was from a dependable (or at
least accountable) source?
Please reply off list.
Thanks,
--Dean
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 256 5494