funsec mailing list archives
Re: Presidential Internet Kill Switch
From: Dan Kaminsky <dan () doxpara com>
Date: Wed, 23 Sep 2009 16:59:45 +0200
I'm a touch ambivalent about the certification thing. On the one hand it can be a pain (and one more damn course to take), on the other hand I can understand how external non-expert regulatory regimes could desire reasonable assurance that the folks doing the work are qualified.
Be that as it may, the data rather clearly suggests certification in the security realm is (very) badly correlated with qualification.
As it stands it is a [sic]"the prime contractor needs the cert" thing, so everyone under that person/organization would not require it. It would depend to some extent how onerous getting the cert is to tell how it might shape contracting relationships. In any case, it wouldn't hurt for everyone to get the cert if at all possible.
Ah. You're seeing the cert as a test that can be objectively passed. But there's nothing that requires that. It's more a state that must be subjectively granted. If the certification authority doesn't like you, you don't work -- no matter how qualified, no matter how much certain people would like to hire you. Don't think "well, it's only the prime" that needs to sign protects you -- that just means the stakes on getting you fired quick are much higher. Bottom line: What if the only people allowed to do security work were CISSPs? (Yes, this applies to government systems and critical infrastructure, for now. But you know, that latter part isn't well defined either. Is Linux critical infrastructure?) --Dan _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Presidential Internet Kill Switch, (continued)
- Re: Presidential Internet Kill Switch Larry Seltzer (Sep 22)
- Re: Presidential Internet Kill Switch Michael Graham (Sep 23)
- Re: Presidential Internet Kill Switch Larry Seltzer (Sep 23)
- Re: Presidential Internet Kill Switch Rob, grandpa of Ryan, Trevor, Devon & Hannah (Sep 23)
- Re: Presidential Internet Kill Switch chris (Sep 23)
- Re: Presidential Internet Kill Switch Nick FitzGerald (Sep 24)
- Re: Presidential Internet Kill Switch Larry Seltzer (Sep 22)
- Re: Presidential Internet Kill Switch Paul Ferguson (Sep 22)
- Re: Presidential Internet Kill Switch Dan Kaminsky (Sep 22)
- Re: Presidential Internet Kill Switch chris (Sep 23)
- Re: Presidential Internet Kill Switch Dan Kaminsky (Sep 23)
- Re: Presidential Internet Kill Switch phester (Sep 23)
- Re: Presidential Internet Kill Switch Michael Collins (Sep 23)
- Certs [was Re: Presidential Internet Kill Switch] der Mouse (Sep 27)
- Re: Certs [was Re: Presidential Internet Kill Switch] Jon Kibler (Sep 28)