Comments on TaoSecurity Blog: Last Book Reviews of 2007 Posted
Blog author: Richard Bejtlich
Feed updated: 2023-10-16T06:06:25.012-04:00

Richard Bejtlich (2008-03-10T09:17:00.000-04:00):
http://linux.slashdot.org/comments.pl?sid=401894&cid=21858620

dre (2008-01-01T08:41:00.000-05:00):
I didn't read Geekonomics in the way that you did. I don't see any need for analysis of localized risk management or information security management. David Rice was discussing quality, security, and safety in software as if they were all one and the same (which they are).

There is certainly a difference between software assurance and information assurance. Geekonomics chose to look at all software from a software assurance perspective. It acknowledged that software users should have certain rights and privileges bestowed upon them by software vendors. According to Geekonomics, software vendors are not being held accountable for the vulnerabilities they are creating -- but also any/all aspects of quality. The vulnerability problem is primarily a software assurance problem. Certainly that's not the only information or data assurance problem -- the author never suggested it as such, or even as a panacea. It's my opinion that David Rice wasn't seeking to solve the problems of information -- only software. Maybe you could re-read it in that light.