Re: [Fed-Talk] Re: CMV/CAVP Process Clarification
Re: [Fed-Talk] Re: CMV/CAVP Process Clarification
- Subject: Re: [Fed-Talk] Re: CMV/CAVP Process Clarification
- From: "Miller, Timothy J." <email@hidden>
- Date: Thu, 13 Oct 2011 12:19:40 +0000
- Thread-topic: [Fed-Talk] Re: CMV/CAVP Process Clarification
Lost sales are meaningless as they can't be measured. This is doubly true
in the Federal space because we are legally barred from promising
purchases based on conditional changes to the products.
So while a bug report may be useful (and my experience with bug filing at
Apple has been uniformly negative), I'm skeptical that lost sales claims
will gain any additional traction.
Now, a bug report showing a product failure resulting in losing a *current
account* (e.g., because of work stoppage) is an entirely different beast.
-- T
On 10/12/11 3:01 PM, "Paul Suh" <email@hidden> wrote:
>Folks,
>
>Please file bugs. Seriously.
>
>We can talk to our friends in Apple engineering at length about an issue,
>but if we don't file Radar bugs they're not going to do anything about
>it. Same applies to talking to/e-mailing/otherwise communicating with
>Shawn. He'll take the feedback to Cupertino and they'll listen, but that
>pales next to the attention that a Radar bug with a customer impact of
>$XX million in lost sales will get. Put your dollar figure in your bug
>report. They read the reports, believe me. Talking about stuff on this
>list doesn't have any real effect on decisions in Cupertino.
>
>Once engineering management knows about the customer impacts, they can
>devote more resources to fix the problem. This includes submitting more
>modules to the FIPS process and pushing things through the pipeline
>faster.
>
>Let's make it easy for everyone:
>
> https://bugreport.apple.com/
>
>Click on the URL and sign in. File your bug. Include the number from your
>budget that won't get spent on Apple equipment because of FIPS
>certification issues. That wasn't so hard, was it?
>
>Your bug will probably be marked as a dupe and closed. This is OK. The
>volume of dupes is one metric that they use to see how many people are
>being affected by a bug. Cherish the glow of satisfaction that comes
>you've done something that makes a difference, rather than just venting
>about the issue.
>
>
>--Paul
>
>
>Paul Suh
>email@hidden
>(240) 672-4212
>http://ps-enable.com/
>
>
>
>
>On Oct 12, 2011, at 9:39 AM, Link, Peter R. wrote:
>
>> Paul,
>> Thank you for your concern. We're pestering Shawn because he is the
>>Apple contact for encryption. Filing a bug won't get approvals through
>>NIST any faster. All we're asking for are explanations and status (more
>>in depth status that what we can get from NIST). We have received this
>>information, especially when I offer (slightly) incorrect information
>>and Shawn is gracious enough to politely correct me. We understand Apple
>>is reengineering their encryption modules and, as of this week, know
>>Apple is not going to submit some modules to NIST for FIPS 140-2
>>validation (including FileVault 2). This will have an impact on all
>>government Mac users and we're going to have to find a way to deal with
>>it.
>>
>
> _______________________________________________
>Do not post admin requests to the list. They will be ignored.
>Fed-talk mailing list (email@hidden)
>Help/Unsubscribe/Update your Subscription:
>
>This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden