back to article BSA kicks multiple holes in India's infosec reporting rules

Lobby group The Software Alliance (BSA)* has written to India's government, pointing out impractical requirements, inconsistencies, and flaws in the nation's recently announced infosec reporting rules. The organization says the problems can only be addressed with extensive consultations and a delay to implementation. The BSA …

  1. ShadowSystems Silver badge

    The B stands for something.

    Bullshite Splooging Agency. *Hands you a tankard full of MindBleach* Drink up, it'll help reduce the twitching. =-Jp

    1. Snake Silver badge

      Re: The B stands for something.

      "BSA". Even the mere thought of a Lucas CPU makes me shudder ;-p

  2. Pascal Monett Silver badge

    Interesting

    BSA drops Business to become just Software Alliance. Oh well, at least in this case their mumblings are useful. The Indian government is apparently in need of a crash course in business Internet.

  3. Anonymous Coward
    Anonymous Coward

    is that a bug or a feature?

    > "stands to be flooded with incomplete information that will not present actionable data or, even worse, will include inaccurate data that distracts its attention and resources in the midst of critical incident response."

    Considering my extremely low opinion of the technical depth behind this bullshit, I fail to see how the above is a problem. I've already said that CERT is effectively saying "come, DDOS me", and who are we to say "no sir!"?

    On another note, I hate that CERT has finally created a situation where I find myself even somewhat in agreement with the (B)SA -- oh the shame of it!

    (Posting anonymously because reasons!)

    1. Doctor Syntax Silver badge

      Re: is that a bug or a feature?

      Considering my extremely low opinion of the technical depth behind this bullshit, I fail to see how the above is a problem. I've already said that CERT is effectively saying "come, DDOS me", and who are we to say "no sir!"?

      I've always believed that IT's ultimate sanction is to give users exactly what they asked for. This seems to be an appropriate occasion for applying it.

  4. VoiceOfTruth

    The BSA

    What a joke. This organisation should get off its arse and harangue its members to stop supplying software full of security holes. Why have we never heard it?

    Now when India calls these companies to account it doesn't like it. You want to do business in India, you will have to follow Indian rules. Stop acting like the colonialists.

    1. Alex 72
      Alert

      Re: The BSA

      Whilst I have no wish to defend the (B)SA, I must take exception with the implication that it is wise for India's CERT to ignore the collective experience of companies many of whom have 75+ years of experience in this space and spend Indian taxpayers money on measures that will not work.

      I do agree that these firms have responsibilities for software vulnerabilities and bad architectural decisions from decades ago but most if not all of them release patches every month. These firms are at least trying to deliver secure software. CERT-In if it is not taking feedback seriously or attempting continuous improvement are making themselves part of the problem and not the solution.

      1. Michael Wojcik Silver badge

        Re: The BSA

        Indeed. I've yet to see a single reputable security researcher endorse these reporting requirements.

        I suspect CERT-In are acting under orders, and that the government sees this as purely a surveillance opportunity. But in any case it's completely unproductive as an IT-security measure.

    2. veti Silver badge

      Re: The BSA

      Yeah, that'll happen - just as soon as the Indian government gets off its arse and starts haranguing itself to respect its own constitution and write laws that make sense.

      Seriously, are you even listening to yourself?

      1. Michael Wojcik Silver badge

        Re: The BSA

        Someone who goes by "VoiceOfTruth" is not likely to exhibit much capacity for critical reflection. Unless the account is meant as some sort of ironic Orwellian-sockpuppet act, in which case Poe's Law applies.

  5. MJI Silver badge

    British Small Arms

    Made motorcycles

    1. Dave Pickles

      Re: British Small Arms

      s/British/Birmingham/

      https://en.wikipedia.org/wiki/Birmingham_Small_Arms_Company

      1. Androgynous Cow Herd

        Re: British Small Arms

        " Bastard Stopped Again"

        1. captain veg Silver badge

          Re: British Small Arms

          Bits Stuck Anywhere.

          -A.

  6. NoneSuch Silver badge
    Coat

    "The tone of the letter is polite"

    The response will be less so. Telling ignorant politicians they are wrong? Well, that will be taken well.

  7. Michael Wojcik Silver badge

    The B stands for...

    The Software Alliance is the renamed Business Software Association, and its formal brand is now "BSA | The Software Alliance". Like, the B doesn't stand for anything at all.

    I suggest we reconn it to stand for "Beta", which nicely describes both the Association and the Software for which it stands.

    I also suggest we write it as βSA, just to annoy their marketing people. (I know, that's a lowercase beta, but the uppercase one only works as a joke if you check the encoding. Dratted homoglyphs.)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022