[BBLISA] Quick Poll: Would you trust system software from an anonymous source? (fwd)

Rich Lenihan rich at openadmin.com
Thu Mar 11 07:58:55 EST 2010


>From: Elizabeth Schwartz <betsy.schwartz at gmail.com>
>Date: Wed, March 10, 2010 10:17 pm
>To: "Bblisa at Bblisa. Org" <bblisa at bblisa.org>
>
>I'm behind in my list email and missed the earlier survey but I'm
>surprised that nobody thought it was a firing offense.
>
>I suppose it depends on where you work and on what the servers do, but
>if company revenue depends in any way on server security, that's a
>pretty wildly unprofessional thing to do.

I think a lot would depend on company policy. I've worked in places
where there were strict policies against installing non-vetted software
anywhere. The software sources had to be approved by infosec and legal.
In that situation, where there is an established policy, I think that
firing would be both justified and expected. In the absence of such a
policy, however, I think that firing for a first offense would be a bit
harsh.

-Rich



