Comments on: Unconventional Wisdom http://shermansolutionsllc.com/secmusings/archives/3 Andy's Reflections on Technology and Security Wed, 07 Jan 2009 03:36:54 +0000 http://wordpress.org/?v=2.6.2 By: andy http://shermansolutionsllc.com/secmusings/archives/3#comment-14 andy Mon, 30 Jun 2008 14:08:15 +0000 http://shermansolutionsllc.com/secmusings/?p=3#comment-14 I missed that one. I'd love to hear more about it. I missed that one. I’d love to hear more about it.

]]> By: yathrib http://shermansolutionsllc.com/secmusings/archives/3#comment-13 yathrib Sun, 29 Jun 2008 10:57:18 +0000 http://shermansolutionsllc.com/secmusings/?p=3#comment-13 Oh yes, I would love to know where many of these "sounds like security, but it's not" policies come from. Auditors often suggest policies which engineers should know better than to accept. I don't know if you recall the furor a few years ago about "MarketScore" (now called comScore) amongst .edus, but that was a good example of auditor-driven policies (firewalling off MarketScore's servers) which weren't the best solution. Oh yes, I would love to know where many of these “sounds like security, but it’s not” policies come from.

Auditors often suggest policies which engineers should know better than to accept.

I don’t know if you recall the furor a few years ago about “MarketScore” (now called comScore) amongst .edus, but that was a good example of auditor-driven policies (firewalling off MarketScore’s servers) which weren’t the best solution.

]]>