Forwarded from: Mark Neely <mpn@private> In an online article, Charles Cooper was quoted as saying: > There's a lesson here for the debate over how best to proceed on > cybersecurity: Whatever its imperfections, the lesson of > Sarbanes-Oxley is that if you want results, scare the hell out of > 'em. This, IMHO, would be a very bad idea - corporate accounts are a completely different beast to software. To wit: (a) Sarbanes-Oxley was designed to ensure adherence to a commonly agreed standard of corporate accounting. There are few commonly agreed standards of software development. (b) "Profit" and "loss" are fairly universal terms. There are few software applications of equally universal application (sure, you may think a web server is a web server, but very few web servers are alike, in terms of hardware platform, concurrent processes and application) (c) Sarbanes-Oxley's primary role is to avoid "innovation" in corporate accounting to ensure everyone does one thing - account for profit and loss - in precisely the same way. How many software developers want to live in that sort of world? Regards, Mark Mark Neely, LLB MSTC Author & Technology Commercialisation Consultant email: mpn@private - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Dec 29 2003 - 04:43:31 PST