FYI, the folks at SANS have announced the launch of their Software
Security Institute (see http://www.sans-ssi.org/ for details).
Their web site cites the following 6 goals:
* Allow employers to rate their programmers on security skills
so they can be confident that every project has at
At 9:29 AM -0400 3/30/07, Benjamin Tomhave wrote:
SOX has been a complete waste, imo. First, the majority of it was already
covered in existing law. Second, it really has nothing to do with security
from a practical standpoint. The only purpose SOX has served is to give
auditors another