Educause Security Discussion mailing list archives
Re: Vetting of software to be installed on production systems
From: Jesse Thompson <jesse.thompson () DOIT WISC EDU>
Date: Fri, 10 Apr 2009 09:23:59 -0500
Gary Flynn wrote:
I'm trying to provide some general guidance on making trust decisions for software to be installed on production systems. Does anyone have any documentation or policies concerning a vetting procedure I could look at or any general advice?
How about: Hire competent staff to perform technical reviews. And trust them to make smart decisions. Since all software is different, any vetting procedures you create would have to be so generic that they would be common sense to a competent technologist, and not thorough enough for a technologist that doesn't think outside the box. Jesse
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Vetting of software to be installed on production systems Gary Flynn (Apr 01)
- <Possible follow-ups>
- Re: Vetting of software to be installed on production systems Jesse Thompson (Apr 10)
- Re: Vetting of software to be installed on production systems Sarazen, Daniel (Apr 10)