pentest licensing

From: Pete Herzog (listsisecom.org)
Date: Sat Dec 20 2008 - 05:05:10 CST


> "professionalized" ourselves by requiring licensing. The industry
> reliance on certification rather than licensing as a credential somewhat
> serves to muddy the waters because the decision makers hiring security

You think government-mandated licensing doesn't have the same
problems? By blocking people who don't conform to the license model or
can't afford it, you create a secondary culture which operates just
outside the boundaries and undercuts the licensed professionals who
are already feeling the pains of protective insurances and government
regulation that the non-licensed people avoid and can spend on
marketing. Furthermore, lobby groups with money to spend would dominate
this licensing scheme in the best way it benefits them, lowering the
bar of who can get licensed by skill but restricting it by price (and
association). This fractures the market even more, confuses customers,
and adds new cost burdens to security which must then either be
government subsidized or added to the customer's cost.

The security market may be too fractured, too full of lies, and too
arrogant to support a proper licensing program. Something simple like
a mandate of stating the factual attack surface of a program, device,
or product in general would go a long way to informing the customers
of how exposed the new purchase will make them what they're buying and
can track it and compare it to the results of the audits they're
buying. Right now most people are buying black box inspections of
boxes with unknown contents. I think the market would cut out many of
the bad players if the customers knew what it was they were actually
getting audited and what the results should be. Currently they're
getting a lot of "clutch grease" inspections on automatic cars because
they have no idea what's in the car.

-pete.

OPST, OPSA, OWSE, OPSE
www.isecom.org
