Re: Chapel Hill researcher demoted after security breach

[Allen Barrett <sabarrett () HARDING EDU>]

In a word...no.  Not in my opinion....

On Thu, Oct 7, 2010 at 3:26 PM, Doty, Timothy T. <tdoty () mst edu> wrote:

> While the article read to me as being biased in favor of the researcher I
> think it illustrates important issues.
>
> Are we as security professionals effectively and accurately communicating
> vulnerability information to users? Especially to users who may lack the
> background and mindset for understanding it?
>
> It seems to me that a good part of the researcher's argument rests on her
> being held responsible for managing a system that she was not equipped to
> evaluate the management of. At the same time, I know we have researchers
> who
> insist on this sort of autonomy. Is it really in the researcher's or the
> institution's best interest to allow that?
>
> Tim Doty
>
> > -----Original Message-----
> > From: The EDUCAUSE Security Constituent Group Listserv
> > [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Escalante
> > Sent: Thursday, October 07, 2010 2:59 PM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: Re: [SECURITY] Chapel Hill researcher demoted after security
> > breach
> >
> >
> > On Oct 7, 2010, at 2:47 PM, Nicole Kegler wrote:
> >
> > >  I would be interested in hearing your thoughts about this, and what
> > > could have been done differently by the university.
> >
> > As several comments below the story noted, there are insufficient
> > details in the article to form a conclusion.
> > --
> > David Escalante


-- 
Allen Barrett
IT Security and Systems Administrator
Harding University
Admin 304
(501) 279-4198