Security's Failed Past and Risky Future
Jon Lasser, 2003-05-07

Final grumblings from SecurityFocus columnist Jon Lasser, as he bids farewell to the computer security world and moves to Colorado.

Security's Failed Past and Risky Future 2003-05-07
Anonymous (2 replies)
Security's Failed Past and Risky Future 2003-05-08
Anonymous (2 replies)
Security's Failed Past and Risky Future 2003-05-08
Anonymous (1 replies)
Security's Failed Past and Risky Future 2003-05-08
blacklight (1 replies)
I have enjoyed reading your columns over the last 12 months, and I have the highest regard for your integrity and professionalism. I am sorry to see you go, but I hope that www.securityfocus.com makes a point of leaving the door open for you should you decide to come back.

More and more companies are switching to Linux. However, most of them are more interested in what the switch-over to Linux can get them than in Linux itself - even as they benefit heavily from Linux. I suggest that it is not too much to ask of the likes of IBM, Sun or HP that they put some pressure on the designers of mission-critical Open Source products to clean up their code security-wise. It is not too much either to ask of them that they contribute the resources to speed up that effort for the benefit of everyone.

Linux is the platform of choice as far as introductions of innovative software products go. The more secure that platform and the more secure these products, the brighter Linux's future will be - and of course, the brighter the future of those companies that bet themselves on Linux will be.

We will have to do something about Linux/UNIX training: the certifications are inadequate, and the literature that is available commercially is inadequate. Something is wrong when the leading authors can get excellent reviews for their 100th description of the "ls" command and its options, while totally ignoring, say, the importance of properly partitioning hard disks during the installation process. In my own experience, I have found out that book learning does not begin to cover what daily exposure for a couple of years to a couple of UNIX gurus does.

I believe that the vaunted CISSP certification is worthless, because it holds no guarantee that any of its holders have incident response capability. However, it would be a great certification to have if I were a non-technical executive rather than a hands-on line manager, and I wanted to b.s. and otherwise harass the technical staff. There are probably a few of these paper pushing security certifications floating around. Give me real certifications like CCSA, CCSE, CCNP, CCSP, CCIE/Security, GIAC any day of the week.

Good luck to you. We'll miss you.

Security's Failed Past and Risky Future 2003-05-14
Anonymous (1 replies)
Security's Failed Past and Risky Future 2003-05-08
Anonymous (1 replies)
Security's Failed Past and Risky Future 2003-05-08
A Weary Security Professional
Congrats, bucko 2003-05-12
curt seeliger







 

Copyright 2008, SecurityFocus