I would like to gain a perspective from the various software vendors as to which consulting firms they believe have the best expertise in assisting clients with rollout of their tools. I hope that a couple of names will appear across software vendors. I am also hoping one or two names will emerge across vendors as common.
I know asking a question that is related to consulting but where an answer from a consulting firm isn't required will compel consultant types to respond, I figured I would also ask another question in which they may have better perspective. I am seeking a developer-level resource for a three month onsite consulting engagement (initial) to operationalize our rollout of tools that enable secure coding. Candidates should have the following characteristics: Knowledge and hands-on administration experience using Fortify Software, Coverity, Ounce Labs, HP DevInspect, etc (We haven't chosen the tool yet) Ability to program in both Java and .NET languages Ability to do presentations to other software developers on secure coding topics Strong analytical and logical thinking capability Work indepedently and under little supervision / guidance and take on technical lead role as needed Ability to produce written documentation on technical alternatives API design and implementation. Familiarity with XML, XML Schema, XSL or other XML tools a plus. Hourly rate depending on actual experience in a security context Will need resumes emailed to me by Friday, September 7th. Please also include hourly rate. Not looking for candidates higher on the food chain to do "strategy" , "POC", etc but developer-types to help with operational aspects with rates inline with this notion. ************************************************************************* This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. ************************************************************************* _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________