Educause Security Discussion mailing list archives

Re: Vetting of software to be installed on production systems

From: Jesse Thompson <jesse.thompson () DOIT WISC EDU>
Date: Fri, 10 Apr 2009 09:23:59 -0500

Gary Flynn wrote:


I'm trying to provide some general guidance on making trust
decisions for software to be installed on production systems.

Does anyone have any documentation or policies concerning
a vetting procedure I could look at or any general advice?


How about:

Hire competent staff to perform technical reviews.  And trust them to
make smart decisions.  Since all software is different, any vetting
procedures you create would have to be so generic that they would be
common sense to a competent technologist, and not thorough enough for a
technologist that doesn't think outside the box.

Jesse

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Current thread:

Vetting of software to be installed on production systems Gary Flynn (Apr 01)
- <Possible follow-ups>
- Re: Vetting of software to be installed on production systems Jesse Thompson (Apr 10)
- Re: Vetting of software to be installed on production systems Sarazen, Daniel (Apr 10)