Adam McKenna <[EMAIL PROTECTED]> wrote:
>I think "select few" as you have used it needs clarification -- even if only
>one half of one percent of all advanced C programmers are part of the "select
>few", that's still hundreds or thousands of people, and many of those people
>are part of the open source community.

That estimate may well be high. I've never seen books or training
covering the topic of security auditing C code. Where'd you get that
0.5%?

>A hell of a lot more, anyway, than
>are working at so-called "security firms", ready to stamp their approval on
>any product they get six or seven digit payments to "certify".

``So-called "security firms"'' that don't know what they're doing will
eventually be discovered for the frauds that they are. In the security
business, reputation is everything. An audit by some random "security
firm" might not mean anything, but an audit by a recognized authority
would.

-Dave