Information Security News mailing list archives
Re: Next stop, jail
From: InfoSec News <isn () c4i org>
Date: Mon, 29 Dec 2003 04:08:10 -0600 (CST)
Forwarded from: Mark Neely <mpn () infolution com au>

In an online article, Charles Cooper was quoted as saying:

There's a lesson here for the debate over how best to proceed on cybersecurity: Whatever its imperfections, the lesson of Sarbanes-Oxley is that if you want results, scare the hell out of 'em.

This, IMHO, would be a very bad idea - corporate accounts are a completely different beast to software. To wit:

(a) Sarbanes-Oxley was designed to ensure adherence to a commonly agreed standard of corporate accounting. There are few commonly agreed standards of software development.

(b) "Profit" and "loss" are fairly universal terms. There are few software applications of equally universal application (sure, you may think a web server is a web server, but very few web servers are alike, in terms of hardware platform, concurrent processes and application).

(c) Sarbanes-Oxley's primary role is to avoid "innovation" in corporate accounting to ensure everyone does one thing - account for profit and loss - in precisely the same way. How many software developers want to live in that sort of world?

Regards,

Mark

Mark Neely, LLB MSTC
Author & Technology Commercialisation Consultant
email: mpn () infolution com au

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.