Letters to the editor
Regarding the story, Federal 2000 emergency funds are going, going, halfway
gone [GCN, Jan. 25, Page 1]: Excuse me? Lawmakers
are complaining that the Y2K funds are going too quickly?
I would be much more concerned that theres still so much left. If the funds
arent obligated yet, knowing the work will take months to do and check out properly,
when do the lawmakers expect us to use it? Granted, perhaps 10 percent of the funds will
be set aside to fix things that unexpectedly break after Jan.1, 2000, but in my view if
the bulk of the rest of the funding hasnt been obligated by now, how could anyone
expect the work to be completed in time? There are less than 10 months to Jan. 1, last
time I looked.
Program manager for R&D
National Highway Traffic Safety Administration
The Justice Departments ban of Java applets [GCN, Jan. 11, Page 1] appears to be a decision based on anecdotal information and not a
risk-based decision founded on analysis of the Java security model or specific run-time
It is questionable whether the anecdotal information provided supports Justices
conclusion to ban Java and other active content code.
For example, the referenced Computer Emergency Response Team recommendation to turn
installation of vendor patches to correct the problem.
From a risk assessment perspective it is not clear why Justice bans Java yet enables
File Transfer Protocol and lets employees, per an official usage policy, use their Justice
Internet accounts for personal use.
Based on the information provided, Justice has determined that all active content code
differently when conducting a risk and vulnerability analysis. However, it is difficult to
determine the precise rationale involved in the Justice decision, because of the terms
used in your article.
There seems to be some confusion over the difference between scripting languages such
applet, a specific Java term, is used by Mark Boster as a general-purpose term for active
content code. Justice users would be better served if efforts were made to enable a
run-time environment that would allow the secure use of active content code.
Many users will not tolerate overly restricted access to the Internet and will find
workaround solutions such as dial-in accounts to Internet service providers. These
solutions will create security exposures that are far more serious than the threat posed
by a hostile applet.
In your review of year 2000 products for PCs [GCN, Jan. 11, Page 1] you designated Norton 2000 from Symantec Corp. of Cupertino, Calif., as
overall best PC readiness product. We wanted to let you know that Symantec licenses OnMark
2000 from Viasoft.
Jeffrey A. Goldberg
Director, federal operations