Benjamin Franz wrote:
> On 11/30/2010 10:42 AM, Lamar Owen wrote:
>>
>> It boils down to balancing 'it breaks my app that I can't or won't fix'
>> against 'you've been pwned!'
>
> Actually, it boils down to 'what causes more total costs to the
> business'. Right now, in my experience, that is SELinux. Break ins to my
<snip>
> Security in not an end unto itself. It exists to support the business
> making money. If a cost saving measure is costing the business more than
Not just making money, says the guy who's works for a federal contractor.
It exists, in the IT world, to keep the systems working, and not
corrupted.
> it is saving it, it is *not* a good idea no matter how technically
> superior it is.
There's a story on today's slashdot, about how the terrorists have won -
for *very* little money, they've cause countries and governments, esp. the
US gov't, to spend hundreds of billions of dollars on prevention.
>
> This in a very real sense is similar to the 'how much resources should
> measures to prevent shoplifting be given' in a retail store. If the
> anti-shoplifting measures are costing *more* than the shoplifting you
> are preventing - you have lost sight of the actual reason for
> anti-shoplifting measures in the first place.
Yup. Seen lots of companies do just that, or try to squeeze out the last
dime... and spend dollars doing it.
mark