From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Arian J. Evans
Sent: Wednesday, May 16, 2007 4:05 PM
To: SC-L@securecoding.org
Subject: Re: [SC-L] Darkreading: Secure Coding Certification
I don't understand this thread. These are different sets of issues. Often, they
are different sets of people
Subject: RE: [SC-L] Darkreading: Secure Coding Certification
Hi all,
I like this idea. There is plenty of non-code material to master in our
field. I think a bunch of it is covered in detail in Software
Security...but I am biased.
I would like to see coverage of common attack
From: McGovern, James F (HTSC, IT) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 16, 2007 03:08 PM Eastern Standard Time
To: SC-L@securecoding.org
Subject: [SC-L] Darkreading: Secure Coding Certification
Maybe the test shouldn't focus on code at all? If we can agree that many flaws
are found
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Johan Peeters
Sent: Saturday, May 12, 2007 6:11 AM
To: SC-L@securecoding.org
Subject: Re: [SC-L] Darkreading: Secure Coding Certification
I agree that multiple choice alone is inadequate to test the true
breadth and depth of someone's security knowledge. Having contributed
a few questions
* Johan Peeters:
I agree that multiple choice alone is inadequate to test the true
breadth and depth of someone's security knowledge. Having contributed
a few questions to the SANS pool, I take issue with Gary's article
when it implies that you can pass the GSSP test while clueless.
But I
On Mon, 14 May 2007, McGovern, James F (HTSC, IT) wrote:
1. ONLY consultants and vendors have jumped on the bandwagon. Other IT
professionals such as those who work in large enterprises have no
motivation to pursue.
Only vendors have jumped on the bandwagon? The software developers are
the
On Sat, 12 May 2007, ljknews wrote:
but based on biases I see on this list, I tend to believe that those
who make such a certification scheme would bias it toward:
Programming done in C and derivative languages (C++, Java, etc.)
Programming relying on TCP/IP
neither of which
Hi all,
As readers of the list know, SANS recently announced a certification scheme for
secure programming. Many vendors and consultants jumped on the bandwagon. I'm
not so sure the bandwagon is going anywhere. I explain why in my latest
darkreading column: