On Dec 1, 2007 7:59 AM, Steven M. Christey <[EMAIL PROTECTED]> wrote:
>
> On Fri, 30 Nov 2007, silky wrote:
>
> > i still think all these ideas are wrong and the model is simple: don't
> > employ people who write and generate insecure code. it's just part of
> > programming. you wouldn't hire a doctor to be a gardener. don't hire
> > an idiot to program your apps.
>
> How does a manager who hasn't written code in the last 10 years (if ever)
> know how to distinguish the idiots from the experts? Secure programming
> certification and education is, at best, in its infancy.

how does anyone know how to hire anyone for a job that they themselves
aren't qualified for? well, you pay professionals to do it. recruitment
agents. this should be part of their role. and absolutely agreed; most
certification is useless, secure programming is no different.

> - Steve

--
mike
http://lets.coozi.com.au/
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________