Maybe the test shouldn't focus on code at all? If we can agree that many flaws are found at design time even before code is written (Yes, most folks still use waterfall approaches but that is a different debate) then why can't questions occur at this level?
If we follow the trend of IT at large, we would understand that lots of "coding" is going outside of the United States but architecture and design for the most part is still onshore, it has the potential for a bigger impact, access to more capital and therefore should come first. ************************************************************************* This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. ************************************************************************* _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
