for the vast majority of the profession - slamming the magic pizza box in a rack is more preferable than talking to developers. in many cases the biggest barrier to getting better security in companies is the so-called information security group. it has very little to do with technology, its a people problem.
-gp Kenneth Van Wyk wrote: > Happy PCI-DSS 6.6 day, everyone. (Wow, that's a sentence you don't hear > often.) > > http://www.internetnews.com/ec-news/article.php/3755916 > > In talking with my customers over the past several months, I always find > it interesting that the vast majority would sooner have root canal than > submit their source code to anyone for external review. I'm betting PCI > 6.6 has been a boon for the web application firewall (WAF) world. > > > Cheers, > > Ken > > ----- > Kenneth R. van Wyk > SC-L Moderator > KRvW Associates, LLC > http://www.KRvW.com > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Secure Coding mailing list (SC-L) SC-L@securecoding.org > List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l > List charter available at - http://www.securecoding.org/list/charter.php > SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) > as a free, non-commercial service to the software security community. > _______________________________________________ _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________