[ale] Security Licensing (wuz: a quick test of web site stupid)

Jim Kinney jim.kinney at gmail.com
Sun Mar 10 18:13:38 EDT 2013


Um... is this mic on? No? OK. Good.

So once we finish off Microsoft and have Apple in the kissing our ass

What? You said that mic was off! Who brought the Windows laptop?!

Oh Sh....!

Move along! Nothing to see here!

On Sun, Mar 10, 2013 at 6:05 PM, John Pilman <jcpilman at gmail.com> wrote:

> We're a group of professionals, and we are meeting here.
>
> ...John
>
>
>
> On Sat, Mar 9, 2013 at 3:56 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
>
>> And your point is.....
>> :-D
>> On Mar 9, 2013 11:43 AM, "Charles Shapiro" <hooterpincher at gmail.com>
>> wrote:
>>
>>> No group of professionals meets except to conspire against the public at
>>> large (Mark Twain)
>>>
>>>
>>> On Fri, Mar 8, 2013 at 12:14 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
>>>
>>>> All very valid points.
>>>>
>>>> On Fri, Mar 8, 2013 at 11:50 AM, Leam Hall <leamhall at gmail.com> wrote:
>>>>
>>>>> On 03/08/2013 11:24 AM, Jim Kinney wrote:
>>>>>
>>>>>> Exactly. What this does do is require that public facing code that has
>>>>>> the potential to cause harm is reviewed and approved by someone that
>>>>>> society, working through bright people in the field, trusts will stamp
>>>>>> that code as "best available methods at this time". There will still be
>>>>>> loads of jobs for non-certified coders.
>>>>>>
>>>>>> We already have the Business A -> Business B process. It doesn't work
>>>>>> very well.
>>>>>>
>>>>>
>>>>> Business B has a lousy marketing department then. There is a
>>>>> significant need for security and to have CISSP, GIAC, or even Security+
>>>>> people on teams, IF YOU LISTEN TO THEM, helps loads. You can tout the
>>>>> reduced code vulnerabilities from meeting X standard and note that you
>>>>> actively recruit security talent is leverage.
>>>>>
>>>>
>>>> That's where a legal requirement will help this process. There are
>>>> plenty of people who are bright and good enough to do this but the PHB
>>>> doesn't listen because of PHB reasons.
>>>>
>>>>>
>>>>> Damon's point about requiring certification raises a different issue.
>>>>> Keep in mind that much of what we know is reinforced by daily usage and
>>>>> decreases over time. If you get an RHCE it means you passed a rigorous
>>>>> test. If you passed that test a decade ago, like me, you need to show that
>>>>> you have kept current. And I don't mean paying for another certification,
>>>>> but actively doing stuff in the field.
>>>>>
>>>>
>>>> Just like other fields, that license is only valid with ongoing
>>>> training credits. My vet has to go back to school every year to keep her
>>>> practice certs valid. Her staff does not have to have practice certs. An
>>>> RHCE on RHEL4 is nearly useless on RHEL6 (changed EVERYTHING on user
>>>> security! and that doesn't account for selinux :-D )
>>>>
>>>>>
>>>>> And doing new stuff, too. A lot has changed in the last decade and
>>>>> there are lots of critical bits now that didn't exist then. That's what I
>>>>> love about Linux; you can know everything today and tomorrow will bring
>>>>> something new.
>>>>>
>>>>> The questions start to boil down to "What are the best practices that
>>>>> (a) actually work and (b) can be implemented with reasonable budgets?" and
>>>>> "How do we evaluate the ability to implement and inspect for them?"
>>>>>
>>>>> Would that be a reasonably fair set of questions?
>>>>>
>>>>
>>>> This is good. Maybe it could be organized by criticality level based on
>>>> breach outcome. Some things are already covered by various levels of
>>>> computer security (some is bone-headed) from DoD. So different levels of
>>>> engineering proficiency with different needs.
>>>>
>>>>>
>>>>> Leam
>>>>>
>>>>> _______________________________________________
>>>>> Ale mailing list
>>>>> Ale at ale.org
>>>>> http://mail.ale.org/mailman/listinfo/ale
>>>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>>>> http://mail.ale.org/mailman/listinfo
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> --
>>>> James P. Kinney III
>>>> *
>>>> *Every time you stop a school, you will have to build a jail. What you
>>>> gain at one end you lose at the other. It's like feeding a dog on his own
>>>> tail. It won't fatten the dog.
>>>> - Speech 11/23/1900 Mark Twain
>>>> *
>>>> http://electjimkinney.org
>>>> http://heretothereideas.blogspot.com/
>>>> *

