[ale] Security Licensing (wuz: a quick test of web site stupid)

John Pilman jcpilman at gmail.com
Sun Mar 10 18:05:52 EDT 2013


We're a group of professionals, and we are meeting here.

...John



On Sat, Mar 9, 2013 at 3:56 PM, Jim Kinney <jim.kinney at gmail.com> wrote:

> And your point is.....
> :-D
> On Mar 9, 2013 11:43 AM, "Charles Shapiro" <hooterpincher at gmail.com>
> wrote:
>
>> No group of professionals meets except to conspire against the public at
>> large (Mark Twain)
>>
>>
>> On Fri, Mar 8, 2013 at 12:14 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
>>
>>> All very valid points.
>>>
>>> On Fri, Mar 8, 2013 at 11:50 AM, Leam Hall <leamhall at gmail.com> wrote:
>>>
>>>> On 03/08/2013 11:24 AM, Jim Kinney wrote:
>>>>
>>>>> Exactly. What this does do is require that public facing code that has
>>>>> the potential to cause harm is reviewed and approved by someone that
>>>>> society, working through bright people in the field, trusts will stamp
>>>>> that code as "best available methods at this time". There will still be
>>>>> loads of jobs for non-certified coders.
>>>>>
>>>>> We already have the Business A -> Business B process. It doesn't work
>>>>> very well.
>>>>>
>>>>
>>>> Business B has a lousy marketing department then. There is a
>>>> significant need for security and to have CISSP, GIAC, or even Security+
>>>> people on teams, IF YOU LISTEN TO THEM, helps loads. You can tout the
>>>> reduced code vulnerabilities from meeting X standard and note that you
>>>> actively recruit security talent is leverage.
>>>>
>>>
>>> That's where a legal requirement will help this process. There are
>>> plenty of people who are bright and good enough to do this but the PHB
>>> doesn't listen because of PHB reasons.
>>>
>>>>
>>>> Damon's point about requiring certification raises a different issue.
>>>> Keep in mind that much of what we know is reinforced by daily usage and
>>>> decreases over time. If you get an RHCE it means you passed a rigorous
>>>> test. If you passed that test a decade ago, like me, you need to show that
>>>> you have kept current. And I don't mean paying for another certification,
>>>> but actively doing stuff in the field.
>>>>
>>>
>>> Just like other fields, that license is only valid with ongoing training
>>> credits. My vet has to go back to school every year to keep her practice
>>> certs valid. Her staff does not have to have practice certs. An RHCE on
>>> RHEL4 is nearly useless on RHEL6 (changed EVERYTHING on user security! and
>>> that doesn't account for selinux :-D )
>>>
>>>>
>>>> And doing new stuff, too. A lot has changed in the last decade and
>>>> there are lots of critical bits now that didn't exist then. That's what I
>>>> love about Linux; you can know everything today and tomorrow will bring
>>>> something new.
>>>>
>>>> The questions start to boil down to "What are the best practices that
>>>> (a) actually work and (b) can be implemented with reasonable budgets?" and
>>>> "How do we evaluate the ability to implement and inspect for them?"
>>>>
>>>> Would that be a reasonably fair set of questions?
>>>>
>>>
>>> This is good. Maybe it could be organized by criticality level based on
>>> breach outcome. Some things are already covered by various levels of
>>> computer security (some is bone-headed) from DoD. So different levels of
>>> engineering proficiency with different needs.
>>>
>>>>
>>>> Leam
>>>>
>>>> _______________________________________________
>>>> Ale mailing list
>>>> Ale at ale.org
>>>> http://mail.ale.org/mailman/listinfo/ale
>>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>>> http://mail.ale.org/mailman/listinfo
>>>>
>>>
>>>
>>>
>>> --
>>> James P. Kinney III
>>>
>>> Every time you stop a school, you will have to build a jail. What you
>>> gain at one end you lose at the other. It's like feeding a dog on his own
>>> tail. It won't fatten the dog.
>>> - Speech 11/23/1900 Mark Twain
>>>
>>> http://electjimkinney.org
>>> http://heretothereideas.blogspot.com/
>>>
>>>
>>
>>
>>