On Fri, 30 Nov 2007, silky wrote:

> i still think all these ideas are wrong and the model is simple: don't
> employ people who write and generate insecure code. it's just part of
> programming. you wouldn't hire a doctor to be a gardener. don't hire
> an idiot to program your apps.

How does a manager who hasn't written code in the last 10 years (if ever)
know how to distinguish the idiots from the experts?  Secure programming
certification and education is, at best, in its infancy.

- Steve
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.

Reply via email to