Firewall Wizards mailing list archives
[Fwd: Re: Code review/audit and/or version control]
From: George Capehart <capegeo () opengroup org>
Date: Wed, 24 Jul 2002 10:09:04 +0800
Sorry, I hit reply instead of reply all . . .

-------- Original Message --------
Subject: Re: [fw-wiz] Code review/audit and/or version control
Date: Wed, 24 Jul 2002 10:07:15 +0800
From: George Capehart <capegeo () opengroup org>
To: Joseph S D Yao <jsdy () center osis gov>
References: <3D3BCFC5.9CAC75C4 () opengroup org> <200207221546.LAA14068 () fw1-b osis gov> <3D3CB7D7.C830F6DD () opengroup org> <20020723110454.C2747 () washington center osis gov>

Joseph S D Yao wrote:
On Tue, Jul 23, 2002 at 09:56:39AM +0800, George Capehart wrote:

created. What I'm concerned about here is a breakdown in process . . . not a valid reason to roll back a change . . .

Then ISTM that that is at least as much a matter of properly training the coder/programmer/software engineer users as it is a technical matter ... perhaps much more or entirely so. By definition, no process can cope with a human breakdown in the process. Eh? ;-)
<rant> You're *absolutely* correct! This is what I'm getting at! IMHO, the breakdown of process is a management problem. There's a little more to the issue than just being sure coder/programmer/engineers are well trained . . . (That in itself is a management problem; rather a problem with management). ;-) I personally place the burden of "correctness," "quality" and "security" on management and the execution of appropriate process . . . however one wants to define "correctness," "quality" and "security." It seems to me that, in the end, all of those "esses" and "ies" exist as parts of an organization's risk management process. (That's a long discussion that's much better had over a bottle or two of wine). If it is important to the (managers of an) organization to manage the costs and risks associated with the lack of those "esses" and "ies," processes will be put in place and enforced, employees will receive the training they need and policies will be defined and enforced. If those things are not important to the (managers of the) organization, they will be given lip service or ignored. I *don't* believe these are technical problems at all. AFAIAC, they're purely management problems . . . </rant>
--
Joe Yao    jsdy () center osis gov - Joseph S. D. Yao
OSIS Center Systems Support    EMT-B
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.