Greg wrote:
At 04:33 PM 9/4/2001 -0700, John Young wrote:
>Look, I'll accept that we will all succumb to the power of the market,
>so limit my proposal for full disclosure to those over 30. After that
>age one should know there is no way to be truly open-minded.
>And, in the spirit of full disclosure, I'll mention that at C2Net we did
>sell our software to the government/intelligence agencies who wanted it -
>they paid the same prices as any other customers, signed the same sales
>contracts (we'd negotiate some on warranty terms for big purchases), and
>otherwise got what everyone else got - not more, not less.
Your honesty is admirable--and unlike certain other cases, I don't have any
real reason to doubt what you say. But are you sure you have adequate
security and counter-economic espionage measures in place? Have you had
anyone do penetration testing lately? How much do you trust the people you
work with?
Wish I had a nickel for every time some young (or not-so-young) turk at a
security conference or elsewhere started blabbing about things they
shouldn't have out of nothing more than a desire to seem big and impress
me. Feds and hackers alike, same old song and dance. I never even try to
elicit information, either: I don't know, maybe it's some kind of sexist
thing to assume a sweet-faced polite young woman could ever be a security
threat. The sick thing is, if I were really evil I could have made a lot
more than a nickel... Depressing. Wake up and shut up, dumbasses.
Back to the insider problem: It's not exclusively a moral issue--whether
you think you have more to fear from Uncle Sam, China, or the competitor
down the street, everyone can agree that employees who sell out your
technology to those out to compromise it are bad news. And frankly, the
very people who wouldn't deal with China in a million years might be the
ones most willing to listen to agents peddling the old "in the interests of
national security" line.
And whereas government agencies have always had a strong "culture of
paranoia" that at least gets the issues on the table, private companies are
at a disadvantage because they never even saw it coming. With a lot of
young tech companies having spent the last few years feeling fat, happy,
and oh-so-much smarter than those fusty old feds, you've got a potentially
massive disaster in the making.
Oh well, here's hoping you never get stung by the insider problem
personally.
~Faustine.