A "No Kidding" Risk Analysis

George Toft plug-discuss@lists.plug.phoenix.az.us
Sat, 02 Feb 2002 22:28:37 -0500


"We are not Microsoft bigots, we are Linux enthusiasts."

Here is a risk assessment for a serious flaw in some 
vendor-provided code.  In this scenario, when a person
registers at the web site for access, their password
is mailed to them (privacy requirement & upcoming Federal
Law).  The estimated time for this transaction is 6 days.

The flaw manifested itself when a user registered on the
site, and then, in the same browser session, logged in 
for the very first time, which, of course, was during
testing.  The flaw could not be tracked down.  During 
the risk analysis of the flaw, the consensus was:  "This 
will have zero impact to our members as everyone knows 
Windows can't stay up for 6 days."

I'm not kidding!  This is what business people are 
saying about Windows.

"We are not Microsoft bigots, we are Linux enthusiasts."

George