Re: [ISN] Gates pledges better software security

From: InfoSec News (isnat_private)
Date: Sat Jan 25 2003 - 03:01:55 PST

Next message: InfoSec News: "[ISN] White House CyberSecurity Adviser to Resign"

Previous message: InfoSec News: "[ISN] U.S. agencies get help with security patches"
Maybe in reply to: InfoSec News: "[ISN] Gates pledges better software security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded from: Kurt Seifried <kurtat_private>

This is interesting as it poses the potential to be a VERY good thing.
But I doubt it will be a very good thing.

Quick background:

Kurt got a book on knowledge management (buzzword bingo score: 4
points). One of the big themes is that complex systems need to be
adaptive and evolve. This requires there to be some sort of learning
mechanism(s). Most often these mechanisms must be present at multiple
levels and can be quite different. A university for example: students
learn, students fill out course evaluation forms, teachers research
and publish articles, research in conducted at personal, group,
departmental and other levels. There are processes in place to create
new courses, and even new faculties should something new arise
(Computer Science being a recent example). Universities are (generally
speaking) VERY well equipped to meet the future, because they have
sunch ingrained learning processes and the support to implement what
is learned.

Computer and Information Security, in almost all settings and
organizations (Vendors, Users, etc.) has shown time and time again
that these learning processes are not in place. Consequently the
industry is in a complete shambles, with no real hope in the near
future. Bills like this one can potentially get people to start
implementing learning processes, i.e. establish within the company a
group to identify IT related problems and then solve them, I'm talking
much higher level then "viruses are a problem, let's educate users and
do foo bar and baz to block viruses". Things like "We see security
challenges, let's set up a forum where people can bring concerns,
let's make a list of people internally and what their skills are so we
can form groups of appropriately skilled people to deal with these
concerns, let's list managers so we know who to contact with respect
to concerns, etc, etc".

==========

The funny thing is I sent the above email, exactly as is with respect
to a completely different topic, but same issue. We have to get
learning processes in place, and the meta processes that manage these
learning processes.


Kurt Seifried, kurtat_private
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] White House CyberSecurity Adviser to Resign"
Previous message: InfoSec News: "[ISN] U.S. agencies get help with security patches"
Maybe in reply to: InfoSec News: "[ISN] Gates pledges better software security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jan 25 2003 - 11:39:08 PST