[Info-vax] Enhanced Password Management

Stephen Hoffman seaohveh at hoffmanlabs.invalid
Fri Mar 22 11:07:54 EDT 2019


On 2019-03-21 17:39:48 +0000, dgordonatvsi at gmail.com said:

> ...VSI has a class of customers for which this feature would be 
> absolutely unacceptable.  These are the same sorts of customers who 
> insist on physical installation media.

The question is not now and never has been preventing customers from 
doing Bad Things.

Customers quite commonly do Bad Things.  Using DECnet, telnet, non-TLS 
IP, etc.  Using this Dehanced Password Management Kit, soon.  
Increasingly, using not-MFA, not-encrypted-storage, etc.

The question has been whether y'all lead.  Whether y'all guide. Whether 
y'all are clear about where there are problems and risks.  Whether 
y'all make continuing to do these Bad Things more Obviously Bad.  Or 
More Costly.  Y'all are the experts here, after all.

Burying the lede here is not leadership.  It's not a way to build 
trust.  It's not a way to secure OpenVMS, and not a way to evolve and 
update apps toward security.

Y'all certainly can't fix bad checkbox security, but y'all can help 
guide the ignorant and the unknowing.

Yes, you're a startup, and the Next Big Sale always holds sway.

But where are y'all headed with OpenVMS, beyond the Next Big Sale?  
Building trust among your customers?

I've already slammed into a rather large "oh, yeah, we didn't document 
that restriction" case with VSI.  Still haven't documented that case, 
AFAICT.  Making a habit out of this?  Not building trust.

Yeah, alligators, swamps, startups, I get it.


-- 
Pure Personal Opinion | HoffmanLabs LLC 



