On Tue, Sep 24, 2002 at 12:57:17PM -0700, T. Kenji Sugahara wrote: Kenji, nice omnibus response. :) > Rob Magee- Could you expound on "management makes decisions based on > as much convenience as they can get away with." I'm curious to know > what exactly this means. As I understand Rob's statement, this quote may help clarify: "Given a choice between dancing pigs and security, users will pick dancing pigs every time." --Ed Felten. Most security, especially of the sort the state was being lambasted for not having, is often a significant obstacle to getting work done. The various departments don't exist to be experts in security -- they exist to perform their various services for the state. Spending $100,000 to improve security might not be worth the expense if it would prevent $20,000 worth of fraud; the privacy issues are much more difficult to quantify, but spending real money on intangible benefits is a difficult sell. :) As specifics: consider JavaScript, ActiveX, Word/Excel/VBA Macros. All are more or less horrible, from a security perspective, but continue to persist because they make one group's dancing pigs prettier than other groups' pigs... > (I wrote an open source license for one our software products- which > hopefully will be adopted by many states in their quest for electronic > filing in courts- its under evaluation by a consortium of about 5 > states right now). Great! :) Best of luck! Whoooohooo. :) -- http://immunix.org/
This archive was generated by hypermail 2b30 : Tue Sep 24 2002 - 14:28:19 PDT