Re: [SC-L] Code Analysis Tool Bakeoff

2007-01-08 Thread John Steven
I think Gunnar hit a lot of the important points. Bake offs do provide interesting data. I have a few slide decks which I've created to help companies with this problem, and would be happy to provide them to anyone willing to email me side-channel. Of the items Gunnar listed, I find that

[SC-L] Magazines

2007-01-08 Thread McGovern, James F (HTSC, IT)
I learned through the grapevine that folks from Network Computing will be doing an upcoming article and comparison of tools in the secure coding space. If you are a vendor, it would be wise to make sure your marketing folks are participating. The funny thing is that I wouldn't expect it to

Re: [SC-L] QASEC Announcement: Writing Software Security Test Cases

2007-01-08 Thread bugtraq
This is great, and something I have incorporated into our own cycle previously, as carving out a spot on our team as the security engineer didn't seem to work. But by creating a process for including security testing, abuse cases, etc., I was able to incorporate security without a big hit to