FYI, in addition to the report released today by the National Cyber Security Partnership on "Cyber Security Technical Standards and Common Criteria" (see http://www.cyberpartnership.org/041904.html), there's an article in eWeek quoting Amit Yoran on his take on the state of software security (see http://www.eweek.com/article2/0,1759,1570317,00.asp). In the article, Yoran is quoted as saying, "It's inexcusable today to produce software that suffers from buffer overruns," he said to an audience of several hundred security managers and network operators. "We need to focus on software assurance in the development cycle and in real-world deployments."
You think he heard what I said on TechTV last week (see http://www.techtv.com/callforhelp/shownotes/story/0,24330,3662522,00.html)? Yeah, me neither... ;-) Cheers, Ken van Wyk -- KRvW Associates, LLC http://www.KRvW.com
