Letters to the editor

Regarding the story, “Federal 2000 emergency funds are going, going, halfway
gone” [GCN, Jan. 25, Page 1]: Excuse me? Lawmakers
are complaining that the Y2K funds are going too quickly?


I would be much more concerned that there’s still so much left. If the funds
aren’t obligated yet, knowing the work will take months to do and check out properly,
when do the lawmakers expect us to use it? Granted, perhaps 10 percent of the funds will
be set aside to fix things that unexpectedly break after Jan. 1, 2000, but in my view if
the bulk of the rest of the funding hasn’t been obligated by now, how could anyone
expect the work to be completed in time? There are less than 10 months to Jan. 1, last
time I looked.


Gary Bell
Program manager for R&D
National Highway Traffic Safety Administration
Washington


The Justice Department’s ban of Java applets [GCN, Jan. 11, Page 1] appears to be a decision based on anecdotal information and not a
risk-based decision founded on analysis of the Java security model or specific run-time
environments.


It is questionable whether the anecdotal information provided supports Justice’s
conclusion to ban Java and other active content code.


For example, the referenced Computer Emergency Response Team recommendation to turn
JavaScript off on the browser is quoted out of context. CERT also recommended the
installation of vendor patches to correct the problem.


From a risk assessment perspective it is not clear why Justice bans Java yet enables
File Transfer Protocol and lets employees, per an official usage policy, use their Justice
Internet accounts for personal use.


Based on the information provided, Justice has determined that all active content code
is equally insecure. In reality, Java, ActiveX and JavaScript should be treated
differently when conducting a risk and vulnerability analysis. However, it is difficult to
determine the precise rationale involved in the Justice decision, because of the terms
used in your article.


There seems to be some confusion over the difference between scripting languages such
as JavaScript and compiled languages such as ActiveX and Java. For example, the term
applet, a specific Java term, is used by Mark Boster as a general-purpose term for active
content code. Justice users would be better served if efforts were made to enable a
run-time environment that would allow the secure use of active content code.


Many users will not tolerate overly restricted access to the Internet and will find
workaround solutions such as dial-in accounts to Internet service providers. These
solutions will create security exposures that are far more serious than the threat posed
by a hostile applet.


Name withheld


In your review of year 2000 products for PCs [GCN, Jan. 11, Page 1] you designated Norton 2000 from Symantec Corp. of Cupertino, Calif., as
overall best PC readiness product. We wanted to let you know that Symantec licenses OnMark
2000 from Viasoft.


Jeffrey A. Goldberg
Director, federal operations
Viasoft Inc.
Herndon, Va.





 


