On Tue, 19 Jul 2016 22:13:00 -0400 Steve Kinney <admin@pilobilus.net> wrote:
Bridging the trust gap between the IT community and the US government is already a done deal, because there has never been one. The U.S. government funded and directed the creation of the IT industry.
^^^ quoted for truth
The U.S. government has not alienated the IT community: It has shielded this community from liability for fraudulent performance claims, fed it billions of dollars of annual revenue, and given Fortune 500 IT corporations nearly full control of government policy affecting those same corporations.
So-called patents and copyrights, i.e. government privileges, play a fundamental role too.
Mandate security evaluations based on performance and design metrics for all software (and firmware) purchased for use by government agencies and departments.
You do get a good amount of statist pig points for that one. Actually, the government must stop buying stuff and must start giving back all the money they stole.
Mandate reporting of security incidents by every government activity, and every commercial enterprise with a State or Federal tax ID,
So yeah, statist bullshit.
Direct the Federal Communication Commission to conduct and annually review studies on the privacy impacts,
And even more statist bullshit. And of course I now have to ask. First you correctly explain the relationship between the 'industry' and the state and then expect the state to regulate it? What?
See above. A durable commitment of all necessary resources to assure that the measures suggested in response to query 2 are effectively implemented would create and sustain rational, constrained trust relationships affecting all those aspects of "cybersecurity" which are properly the government's business.
So yeah, statist pig.
A practicable proposal would be one that is within the scope of public policy authorities and industry capabilities: Vendors who assert that requirements are "impossible" or simply refuse to comply will be replaced by vendors who are ready to step forward and meet any challenges presented. Solutions to many of today's most serious and widespread network security failures are already available as off-the-shelf products from vendors with excellent security track records.
Such as?