RE: Sun cans Trusted Solaris, was Why Easy To Use Software Is Putting You At Risk

["Craig Wright" <cwright () bdosyd com au>]

Hi Robert,
 
I know that the cost stopped most organisations using Trusted Solaris. This was one of the points I ws making. People 
(Most) are not willing to pay for verified code. One oragisatioin I was involved with in the past spent a 7 figure sum 
on software for a single server yet did not wish to spring for trusted solaris untill they had an issue and etc etc.
 
There are organisations that will pay that amount. Not many I agree and this is one of the issues. To get back to the 
original arguement, it is a risk decision. The point I have been getting to is that software ease of use is not the 
issue. People do not understand the need or the risk. This also comes back to how we as professionals become 
responsible. 
 
By peddling simplistic vulnerability tests rathers than proper reviews (and do not try to tell me costs is an issue 
here as the majority of "worthwile" Pen tests are now becoming more expensive than a review) and not speaking out on 
the need to assess risk correctly we fail in our responsibilities.
 
Regards
Craig
 
PS the extensions are good but do not replace Trusted Solaris ;)

        >
        Craig,
        
        Did you read the part of the article that discusses Trusted Extensions?
        For those who need TSOL's capabilities, they can purchase the Extensions
        to give them MAC, MLS, and all of the other TSOL features on top of an
        existing Solaris 10 installation.
        
        Also consider the pricing of TSOL, for a single CPU machine, a license
        for Certified Trusted Solaris 8 is $2,495.00. On an 8 CPU E4500 it would
        cost over $40,000.00, only people who really require that level of
        security are willing to pay that much to get it.
        
        Trust is a part of security, but not the only part.
        
        
        
        Robert Escue
        System Administrator
        
        


Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you 
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply 
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy.  

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by 
a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.