List:       isn
Subject:    Re: [ISN] Next stop, jail
From:       InfoSec News <isn () c4i ! org>
Date:       2003-12-29 10:08:10

Forwarded from: Mark Neely <mpn@infolution.com.au>

In an online article, Charles Cooper was quoted as saying:

> There's a lesson here for the debate over how best to proceed on
> cybersecurity: Whatever its imperfections, the lesson of
> Sarbanes-Oxley is that if you want results, scare the hell out of
> 'em.

This, IMHO, would be a very bad idea - corporate accounts are a
completely different beast to software.

To wit:

(a) Sarbanes-Oxley was designed to ensure adherence to a commonly
agreed standard of corporate accounting. There are few commonly agreed
standards of software development.

(b) "Profit" and "loss" are fairly universal terms. There are few
software applications of equally universal application (sure, you may
think a web server is a web server, but very few web servers are
alike, in terms of hardware platform, concurrent processes and
application).

(c) Sarbanes-Oxley's primary role is to avoid "innovation" in
corporate accounting to ensure everyone does one thing - account for
profit and loss - in precisely the same way. How many software
developers want to live in that sort of world?

Regards,

Mark

Mark Neely, LLB MSTC
Author & Technology Commercialisation Consultant
email: mpn@infolution.com.au



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@attrition.org with 'unsubscribe isn'
in the BODY of the mail.