Christopher Browne wrote:
>>Alexander Schreiber <als_at_usenet.thangorodrim.de> writes:
>>
>>
>>>Add backdoors and things get even more interesting. One commercial
>>>database (ISTR it was Interbase) shipped with a backdoor for years
>>>that only got discovered (and removed) when the code finally went
>>>Open Source.
>>
>>Quite true. It's a good thing the Sarbanes-Oxley statute (a
>>U.S. law, not an international law, by the way) does not require
>>companies to trust Oracle et al more than they trust their DBA.
>>However, the statute does seem to leave it up to auditors to
>>determine what constitutes appropriate controls. I'm curious as to
>>what auditor told DA Morgan that he had to use a closed-source
>>product that is supposed to be tamper-proof. KPMG hasn't told my
>>employer anything like that.
>
>
> Our auditors didn't tell us anything like that, either.
>
> Perhaps someone is blowing smoke from their nether regions?
Well the auditors at a number of public companies in the Pacific
Northwest have been rather clear about it. Are you with a publicly
held company?
--
Daniel A. Morgan
http://www.psoug.org
damorgan_at_x.washington.edu
(replace x with u to respond)
Received on Tue Jan 10 2006 - 10:37:55 CST
