[ale] Security Licensing (wuz: a quick test of web site stupid)

Jim Kinney jim.kinney at gmail.com
Sat Mar 9 15:56:38 EST 2013


And your point is.....
:-D
On Mar 9, 2013 11:43 AM, "Charles Shapiro" <hooterpincher at gmail.com> wrote:

> No group of professionals meets except to conspire against the public at
> large (Mark Twain)
>
>
> On Fri, Mar 8, 2013 at 12:14 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
>
>> All very valid points.
>>
>> On Fri, Mar 8, 2013 at 11:50 AM, Leam Hall <leamhall at gmail.com> wrote:
>>
>>> On 03/08/2013 11:24 AM, Jim Kinney wrote:
>>>
>>>> Exactly. What this does do is require that public facing code that has
>>>> the potential to cause harm is reviewed and approved by someone that
>>>> society, working through bright people in the field, trusts will stamp
>>>> that code as "best available methods at this time". There will still be
>>>> loads of jobs for non-certified coders.
>>>>
>>>> We already have the Business A -> Business B process. It doesn't work
>>>> very well.
>>>>
>>>
>>> Business B has a lousy marketing department then. There is a significant
>>> need for security and to have CISSP, GIAC, or even Security+ people on
>>> teams, IF YOU LISTEN TO THEM, helps loads. You can tout the reduced code
>>> vulnerabilities from meeting X standard and note that you actively recruit
>>> security talent is leverage.
>>>
>>
>> That's where a legal requirement will help this process. There are plenty
>> of people who are bright and good enough to do this but the PHB doesn't
>> listen because of PHB reasons.
>>
>>>
>>> Damon's point about requiring certification raises a different issue.
>>> Keep in mind that much of what we know is reinforced by daily usage and
>>> decreases over time. If you get an RHCE it means you passed a rigorous
>>> test. If you passed that test a decade ago, like me, you need to show that
>>> you have kept current. And I don't mean paying for another certification,
>>> but actively doing stuff in the field.
>>>
>>
>> Just like other fields, that license is only valid with ongoing training
>> credits. My vet has to go back to school every year to keep her practice
>> certs valid. Her staff does not have to have practice certs. An RHCE on
>> RHEL4 is nearly useless on RHEL6 (changed EVERYTHING on user security! and
>> that doesn't account for selinux :-D )
>>
>>>
>>> And doing new stuff, too. A lot has changed in the last decade and there
>>> are lots of critical bits now that didn't exist then. That's what I love
>>> about Linux; you can know everything today and tomorrow will bring
>>> something new.
>>>
>>> The questions start to boil down to "What are the best practices that
>>> (a) actually work and (b) can be implemented with reasonable budgets?" and
>>> "How do we evaluate the ability to implement and inspect for them?"
>>>
>>> Would that be a reasonably fair set of questions?
>>>
>>
>> This is good. Maybe it could be organized by criticality level based on
>> breach outcome. Some things are already covered by various levels of
>> computer security (some is bone-headed) from DoD. So different levels of
>> engineering proficiency with different needs.
>>
>>>
>>> Leam
>>>
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> http://mail.ale.org/mailman/listinfo/ale
>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>> http://mail.ale.org/mailman/listinfo
>>>
>>
>>
>>
>> --
>> James P. Kinney III
>>
>> Every time you stop a school, you will have to build a jail. What you
>> gain at one end you lose at the other. It's like feeding a dog on his own
>> tail. It won't fatten the dog.
>> - Speech 11/23/1900 Mark Twain
>>
>> http://electjimkinney.org
>> http://heretothereideas.blogspot.com/
>