On Dec 1, 2007 7:59 AM, Steven M. Christey <[EMAIL PROTECTED]> wrote:
> On Fri, 30 Nov 2007, silky wrote:
> > i still think all these ideas are wrong and the model is simple: don't
> > employ people who write and generate insecure code. it's just part of
> > programming. you wouldn't hire a doctor to be a gardener. don't hire
> > an idiot to program your apps.
> How does a manager who hasn't written code in the last 10 years (if ever)
> know how to distinguish the idiots from the experts?  Secure programming
> certification and education is, at best, in its infancy.

how does anyone know how to hire anyone for a job that they themselves
aren't qualified for? well, you pay professionals to do it.
recruitment agents. this should be part of their role. and absolutely
agreed; most certification is useless, secure programming is no

> - Steve

Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
