Comments on: The Eyes of Texas Are on Baseboard Management Controllers? WHAT??!!!

By: LonerVamp

LonerVamp — Wed, 13 May 2009 16:41:53 +0000

Section 3 is also the one that caught my eye the most. I’ll be interested where that could go or lead over the years, especially since that information can cut multiple ways.

By: Gusano

Gusano — Mon, 11 May 2009 16:25:03 +0000

Your analysis was spot on and very helpful, thanks for taking the time and bringing this to the public’s attention. The following was cut and paste from:

http://www.journals.senate.state.tx.us/sjrnl/81r/pdf/81RSJ05-07-F.PDF#page=24

COMMITTEEiiSUBSTITUTE
HOUSE BILL 1830 ON SECOND READING
On motion of Senator Ellis and by unanimous consent, the regular order of business was suspended to take up for consideration CSHB 1830 at this time on its second reading:

CSHB 1830, Relating to information technology security practices of state agencies.
The bill was read second time.
Senator Ogden offered the following amendment to the bill:
Floor Amendment No. 1 Amend CSHB 1830 (committee printing), in SECTION 6 of the bill, on page 3, lines 47, by striking “, including closed loop event management technology that
secures, logs, and provides audit management of baseboard management controllers and consoles of cyber assets”.
The amendment to CSHB 1830 was read and was adopted by a viva voce vote.
All Members are deemed to have voted “Yea” on the adoption of Floor
Amendment No. 1.
On motion of Senator Ellis and by unanimous consent, the caption was amended to conform to the body of the bill as amended.
CSHB 1830 as amended was passed to third reading by a viva voce vote.
All Members are deemed to have voted “Yea” on the passage to third reading.

By: Pete

Pete — Fri, 08 May 2009 01:09:36 +0000

Try googling “baseboard management controller” and “closed loop” event management and clicking on the first entry. A Plano, Texas based company…

By: alex

alex — Thu, 07 May 2009 19:58:43 +0000

@Adam – I agree, but first things first. It would be even better if they took the clause about information sharing, started a consortium, and released aggregate State Gov. information, too.

By: Adam

Adam — Thu, 07 May 2009 19:14:16 +0000

On section 3, I think you’re letting them off too easy. While we clearly don’t want to increase vulnerability by talking about live vulns, I would like to know what type of vulns they had and how long it’s taking to patch each. Maybe releasing that information 90 days after they’re fixed.

Such information along with the context could both help us assess if the state is managing its systems well and help inform a baseline of reasonableness.

We need to stop asking why, and ask why not share data. We need to go from need to know to need to share.

By: alex

alex — Thu, 07 May 2009 17:07:01 +0000

LOL Chris.

Actually, my money is on someone else, as I doubt Dell offers a security management solution around the BMC.

By: Chris

Chris — Thu, 07 May 2009 16:45:48 +0000

Texas…vendor….computer….

Could it be….Dell?

http://en.wikipedia.org/wiki/Baseboard_Management_Controller

I report, you decide.