Firewall Wizards mailing list archives
Re: Trust validation of programmers
From: Rick Smith <rick_smith () securecomputing com>
Date: Tue, 30 Jun 1998 07:59:25 -0500
At 08:05 AM 6/26/98 -0400, Ted Doty wrote:
From what I've seen, this situation is more like the craft guilds of the Renaissance. Apprentices and journeymen would work under the supervision of masters, who were not only responsible for the quality of the product, but for training the apprentices and journeymen as well.
Arguably the training style is like this, particularly in mature organizations, but there's an essential ingredient missing -- there's no assurance that a person claiming to be a journeyman or master really is one. In the Good Old Days you'd practice your craft in the same community that you trained in, so everyone that mattered knew your status. Today, someone can walk in off the street with a bogus resume and claim to be an expert. I suppose one could say that the CISSP is supposed to address this problem, though it's nowhere nearly as comprehensive (or costly) as guild style apprenticeships.
My experience with background checks is that they're probably effective in weeding out psychos, and less effective in weeding out traitors (strong word there, perhaps we should say "Industrial Saboteurs"). It may raise the bar a bit, but it is a pretty tiny bit.
Same with the CISSP or any other practical, test based certification. Rick. smith () securecomputing com
Current thread:
- Trust validation of programmers Stout, Bill (Jun 25)
- Re: Trust validation of programmers Aleph One (Jun 26)
- <Possible follow-ups>
- Re: Trust validation of programmers Ted Doty (Jun 26)
- Re: Trust validation of programmers tqbf (Jun 28)
- Re: Trust validation of programmers Rick Smith (Jun 30)