* Johan Peeters:

> I agree that multiple choice alone is inadequate to test the true
> breadth and depth of someone's security knowledge. Having contributed
> a few questions to the SANS pool, I take issue with Gary's article
> when it implies that you can pass the GSSP test while clueless.

But I guess you can fail it because your views are too refined (and you take too long to make your choices). After all, there are different schools of thought when it comes to secure coding and its methodologies. For instance, summing up buffer overflows or directory traversals under "input validation" is somewhat debatable.

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________