[nsp-sec] Circle of trust [was: Vetting: Wang Hua]

Krista Hickey Krista.Hickey at cogeco.com
Thu Jan 28 17:04:05 EST 2010


Patrick W. Gilmore wrote:
> 
> Good point on the re-evaluation.  So let's discuss it now.
> 
> I do not believe the core reasons for valuing security over inclusion have
> changed.  I also believe that people who want to join the community should start
> with more open means.
<snip>

I've participated in the previous evaluations on this topic and my
opinion hasn't changed, I'm pretty much in agreement with what Patrick
and others have said thus far. Trust is more important than inclusion -
there's a myriad of security groups, lists, associations so if one wants
to be included they can, trust on the other hand is earned and not
merely granted because your business card says so. And sure it's
difficult to build trust when you might not have a robust travel budget
but I've done it (at least I think I have!) and I'm sure many others
have. I would also think that it might be a bit easier these days given
the list membership has grown over the years which theoretically means
there might be more opportunity to meet someone to vouch for you. 

Personally I will not vouch for anyone except those that I've had direct
positive relationships with, it's difficult to turn people down when
they ask for a reference but I have and I will again (this has even
included folks that sign my pay cheque!). I feel that I, and my
reputation, are responsible for those I vouch for so I'm not going to
risk my reputation unless I'm sure and I would hope that is how everyone
here approaches the vetting process.

And sure it benefits the group overall to have participants from all
over but unless there's that personal trust vouch I suggest we find
other opportunities to proxy information until that trust vouch is
available...I'm sure more than a few folks on the list participate in
various govt groups, certs, etc. and they likely already help proxy
sanitized notices out but if not maybe we can formalize that so that
mitigating information gets to the right folks without jeopardizing
trust and scaring off those that provide valuable information. 

There's also the whole aspect of mute members but I think I'll pass on
that rant for now as I don't believe that particular issue will ever be
solved. 

Krista
7992 







