Information Security News mailing list archives

Re: Next stop, jail


From: InfoSec News <isn () c4i org>
Date: Mon, 29 Dec 2003 04:08:10 -0600 (CST)

Forwarded from: Mark Neely <mpn () infolution com au>

In an online article, Charles Cooper was quoted as saying:

> There's a lesson here for the debate over how best to proceed on
> cybersecurity: Whatever its imperfections, the lesson of
> Sarbanes-Oxley is that if you want results, scare the hell out of
> 'em.

This, IMHO, would be a very bad idea - corporate accounts are a
completely different beast to software.

To wit:

(a) Sarbanes-Oxley was designed to ensure adherence to a commonly
agreed standard of corporate accounting. There are few commonly agreed
standards of software development.

(b) "Profit" and "loss" are fairly universal terms. There are few
software applications of equally universal application (sure, you may
think a web server is a web server, but very few web servers are
alike, in terms of hardware platform, concurrent processes and
application).

(c) Sarbanes-Oxley's primary role is to avoid "innovation" in
corporate accounting to ensure everyone does one thing - account for
profit and loss - in precisely the same way. How many software
developers want to live in that sort of world?

Regards,

Mark

Mark Neely, LLB MSTC
Author & Technology Commercialisation Consultant
email: mpn () infolution com au


