[BBLISA] Quick Poll: Would you trust system software from an anonymous source? (fwd)
David Allan
dave at dpallan.com
Thu Mar 11 09:27:39 EST 2010

Should have voted first time around; better late than never: I would not
fire the offender immediately in every situation, but that kind of
behavior would raise significant questions in my mind as to their
competence.

Mostly I'm concerned that it sounds like they went off and installed
something without talking to anyone about it. There seem to be facts in
this particular situation that make it a particular concern, and many of
the OP's insinuations make it sound like this is one of those situations
in which firing might be justified, but I'd also be pretty upset if
someone went off and grabbed some well known, vetted piece of open source
code without talking to anyone. That's no way to run an operation.

Documentation? Support? What happens if the guy who did the install gets
hit by a bus? That kind of behavior is incredibly damaging to overall
manageability. How would you subsequently rebuild such a system if it
failed?

Dave

On Thu, 11 Mar 2010, Rich Lenihan wrote:
>> From: Elizabeth Schwartz <betsy.schwartz at gmail.com>
>> Date: Wed, March 10, 2010 10:17 pm
>> To: "Bblisa at Bblisa. Org" <bblisa at bblisa.org>
>>
>> I'm behind in my list email and missed the earlier survey but I'm
>> surprised that nobody thought it was a firing offense.
>>
>> I suppose it depends on where you work and on what the servers do, but
>> if company revenue depends in any way on server security, that's a
>> pretty wildly unprofessional thing to do.
>
> I think a lot would depend on company policy. I've worked in places
> where there were strict policies against installing non-vetted software
> anywhere. The software sources had to be approved by infosec and legal.
> In that situation, where there is an established policy, I think that
> firing would be both justified and expected. In the absence of such a
> policy, however, I think that firing for a first offense would be a bit
> harsh.
>
> -Rich