[trustable-software] Re Git Auditing Tool and other topics
trustable at panic.fluff.org
Wed Dec 28 09:27:45 UTC 2016
On Wed, 21 Dec 2016, John Lewis wrote:
> Hi,
>
> Various comments
>
> You may find this useful - https://codescene.io/about Adam has recently undertaken an audit of Linux.
>
> Edmund - Much of this debate is covering old ground. We had the IAM
> issue on Eurofighter and it was covered in the ECMA work. That covered a
> single project / multiple sub-projects and companies. Effective IAM is
> very difficult outside of tightly controlled organisations. as gov.uk
> <http://gov.uk/>
John, all the organisations I work with, with the exception of those below
10 employees, have IAM. I can't think of a University, Bank (commercial
or retail), trading organisations or exchange, hospital or university
which is without the ability to do IAM. These organisations require it to
meet legal requirements, but often much more importantly they are using it
to manage and account for resources spent on projects and visibility.
What is interesting is that much of open source development is done without
this IAM, particularly the ability to verify who the actors are. In the
end we have to treat this code like a crime scene investigation if we are
to determine whether only trustable people worked on it.
Edmund
--
========================================================================
Edmund J. Sutcliffe Thoughtful Solutions; Creatively
<edmunds at panic.fluff.org> Implemented and Communicated
<http://panic.fluff.org> +44 (0) 7976 938841