-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/19/2016 11:46 PM, juan wrote:
> On Tue, 19 Jul 2016 22:13:00 -0400 Steve Kinney <admin@pilobilus.net> wrote:
>
>> Mandate security evaluations based on performance and design metrics for all software (and firmware) purchased for use by government agencies and departments.
>
> You do get a good amount of statist pig points for that one.
>
> Actually, the government must stop buying stuff and must start giving back all the money they stole.

I can dig it. But how to implement this? My strategy is to let Nature take its course; after the State collapses, surviving resources no longer under State control will be up for grabs. BTW, money as we know it is a fiction created and maintained by the State for the purpose of enriching the powerful at everyone else's expense. See how easy it is to fall into the trap of compliance with State sponsored assumptions? :)

>> Mandate reporting of security incidents by every government activity, and every commercial enterprise with a State or Federal tax ID,
>
> So yeah, statist bullshit.

Note that this would only affect the State itself, and those who have made a positive commitment to submit to State dominion.

>> Direct the Federal Communication Commission to conduct and annually review studies on the privacy impacts,
>
> And even more statist bullshit.
>
> And of course I now have to ask. First you correctly explain the relationship between the 'industry' and the state and then expect the state to regulate it? What?

This ain't a call for regulation; it's just a call for public reporting by a State agency. ;)

>> See above. A durable commitment of all necessary resources to assure that the measures suggested in response to query 2 are effectively implemented would create and sustain rational, constrained trust relationships affecting all those aspects of "cybersecurity" which are properly the government's business.
>
> So yeah, statist pig.

Only if I expect this to produce real world results. Prescribing abstinence as a cure for alcoholism, or getting well as a cancer cure, would be similar in effect.

>> A practicable proposal would be one that is within the scope of public policy authorities and industry capabilities: Vendors who assert that requirements are "impossible" or simply refuse to comply will be replaced by vendors who are ready to step forward and meet any challenges presented. Solutions to many of today's most serious and widespread network security failures are already available as off the shelf products from vendors with excellent security track records.
>
> such as?

For a start, if my (impossible) suggestions were implemented, Microsoft would lose its most important State protections, all its government contracts, and a large part of its market share in the business and consumer markets. Those product lines would be largely replaced by UNIX model operating systems, Free software applications, etc. My first draft was an explicit Microsoft death sentence; I worked backward from there to create generic, vendor agnostic conditions that would assure the same result. No anarchists were harmed in the production of this policy brief. I wrote it because it amuses me to keep a hand in - I used to do quality assurance programs and the like, and sometimes I miss the games. Also to troll the Commission.

Thank you for your feedback, and may I add, OINK OINK. :o)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXjv4WAAoJEECU6c5XzmuqvdAIAK3cVa+zDIgUkCQNLQtCD7IO
1+1IiNaTmzR5NOpAZJYEstrOrxC0xfmAED3w471temR3c7BGI37MbJwGMIxHPfO0
kYAm3azEosnDOkUEvaOwj+mvskCgj6A58XAL9t82GX+vZnmHpO7c7QlMymnRKBmu
9KKzpSSlJEbCP8qZPb9kSPTMJ/sMSUTKaKgY8DwCtBBi1fSCah6AT8bnlgAhD2z6
aSE4/mnaWqDPez6gPPCkKXqCqyt63niYatcu+LBeA/5ifuzV3YXHQ8QwTgWLB30o
sK9mmdH6F2YyqKV9yFBr7YyMRx05srSbaEIfrV+D9IK4sNE5ilL2QkD7QRbG+gY=
=EyUm
-----END PGP SIGNATURE-----