<br><br><div class="gmail_quote">On Wed, Mar 6, 2013 at 4:10 PM, Matt Hessel <span dir="ltr"><<a href="mailto:matt.hessel@gmail.com" target="_blank">matt.hessel@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p dir="ltr">I see the idea behind the certification, but in practice that seems mostly useful to employers when hiring individuals with little on their resume. </p></blockquote><div><br>It's not for employers. It's for lawyers and judges to use as a bludgeon to make companies use good practices is coding for public consumption. If company FOO is in software development, and they provide code for banking, they MUST have a certified banking code engineer on staff and sign off on the code or else that code is not legal to use for banking. Or they can pay a banking code engineering firm to evaluate their code and sign off if it suits the engineers standards.<br>
<br>If mom-n-pop company hires a developer to put up a web site, they don't need a certified engineer to approve anything UNTIL they add something like shopping site with credit card stuff. If their website gets defaced because they hired an idiot, that's their problem. If their website gets hacked and credit card data is stolen, then it's a criminal offense on them for deploying code that was not approved by a professional engineer. I see drop-in certified modules for various platforms to do this. <br>
<br>I can't build a bridge for public use until I am a certified, tested and passed Professional Engineer. As a PE, it's MY name on the line for the stuff I sign off on. So a PE won't approve crap. Is it a perfect system? Nope. But it keeps slick talking idiots from building bridges and practicing law and medicine.<br>
<br>A person who passes a PE exam doesn't need much else on their resume. It's not possible to pass without mountains of knowledge and/or experience. There is already a Professional Software Engineer license process. What is needed is to add HIPPA and Banking modules (or more generically - data security) and then require that places that use software in these fields have X years to be using certified, compliant software or they get shut down, fined out the ass or both for repeated violations. "Market forces" can't fix this crap. It's like why we all drive on the right hand side of the road. Someone decided we have to clean up the mess and made it happen.<br>
<br>like i need another project....<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p dir="ltr">And I'll second the point on bridging networks. Some creative use of stunnel can easily fool most security devices and allow anything in or out of a secure network.</p>
<div class="gmail_quote"><div class="im">On Mar 6, 2013 11:55 AM, "David Ritchie" <<a href="mailto:deritchie@gmail.com" target="_blank">deritchie@gmail.com</a>> wrote:<br type="attribution"></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div class="h5">
<br><br><div class="gmail_quote">On Mon, Mar 4, 2013 at 12:56 PM, Jim Kinney <span dir="ltr"><<a href="mailto:jim.kinney@gmail.com" target="_blank">jim.kinney@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br><div class="gmail_quote"><div>Given the importance of reliable software in a growing number of areas, I see a need to have professional licenses for programmers that touch finance, health care, public safety, etc. We don't let just anyone design a bridge and that's for good reasons. We need to rethink this field from a public health and safety perspective.<br>
<br>I can also see a need for mandatory professional certifications for System Administrators in those same areas. <br><br>ditto for DBA work.<br></div></div><div><div><br>James P. Kinney III<br>
<br></div></div></blockquote><div><br>Snort... the mice voting to bell the cat.<br><br>1) Will never happen, as the companies want huge masses of potential employees for which that they don't have to pay much. <br>2) How would you certify competency? The field is changing all the time, and the demand for people who even 'kinda' know what <br>
they are doing currently (and probably for the indefinite future) will outstrip supply. <br>3) Supposing (or more correctly, "when") something blows up - what would be 'punishment' meted out against the professional? <br>
Are they really to blame when their employers aren't willing to patch, or unwilling to listen... ??<br>4) Shelf life of professional certifications is short, so professionals have to be selective. Licensing will, by definition, be bureaucratic and trail <br>
current practice. Often the certification questions are a laundry list of random stuff that may or may not have any use in day to day administration, <br>or aren't specifically geared to security related issues. I can't expect licenses to be any more current.<br>
5) making network secure that are also usable by your employees to get their jobs done (particularly as more and more stuff is becoming cloud/web based)<br>is really a PITA. IPV6, I am guessing, is going to make this even harder, and corporate IT departments are largely clueless about it. That is just one way<br>
to see this blowing up. Bridging networks outside of buildings is getting increasingly trivial to do, particularly if have some level of physical access. SSL VPN's<br>and tunneling are particularly troubling to me... <br>
<br>Disclaimer: Not based on experience with any past, present, or future employer(s). I do this to build my typing speed. <br><br>-- David <br><br><br></div></div>
<br></div></div><div class="im">_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></div></blockquote></div>
<br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>-- <br>James P. Kinney III<br><i><i><i><i><br></i></i></i></i>Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br><i><i><i><i><br><a href="http://electjimkinney.org" target="_blank">http://electjimkinney.org</a><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br>
</i></i></i></i>