Ken,

Customers not wanting to part with source code is one of the reasons that, at Veracode, we decided to take our static binary analysis technology to market as SaaS. You get the benefit of both automation, as with static source code analysis, and an external assessment, yet you don't have to part with your source code. So that we can deliver the same analysis accuracy as source code static analysis (among other reasons), we require our customers to submit symbols along with the compiled binaries. It is true that there is some intellectual property included in the symbols, but it doesn't elicit the same level of protective response which has people opting for the root canal over sending source code externally. Our solution allows organizations to meet the external code review requirements without having external parties inspect their source code.

-Chris

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kenneth Van Wyk
Sent: Monday, June 30, 2008 9:44 AM
To: Secure Coding
Subject: [SC-L] InternetNews Realtime IT News - Merchants Cope With PCICompliance

Happy PCI-DSS 6.6 day, everyone. (Wow, that's a sentence you don't hear often.)

http://www.internetnews.com/ec-news/article.php/3755916

In talking with my customers over the past several months, I always find it interesting that the vast majority would sooner have root canal than submit their source code to anyone for external review.

I'm betting PCI 6.6 has been a boon for the web application firewall (WAF) world.

Cheers,

Ken

-----
Kenneth R. van Wyk
SC-L Moderator
KRvW Associates, LLC
http://www.KRvW.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________