There are plenty of sites that are perfectly x/html valid that are completely insecure.
There are plenty of sites that follow perfect W3C and other standards that are completely insecure. There are plenty of sites that are top-tier security vendors that, at least in the past, have been insecure.

- Jim

> At 11:11 AM -0400 8/24/08, Paco Hope wrote:
>
>> Clearly the survey's content is only of interest if the HTML validates.
>
> The publisher of the web page is not in the security business,
> they are in the publishing business. But how can I respect
> their publishing expertise if they fail a simple automatic
> test.
>
> And how can their target audience of security folk, who depend
> strongly on following standards respect the knowledge of a
> publisher who does not follow publishing standards.
>
>> On Aug 24, 2008, at 9:47 AM, "ljknews" <[EMAIL PROTECTED]> wrote:
>>
>>> At 2:43 PM -0400 8/22/08, Gary McGraw wrote:
>>>
>>>> BankInfoSecurity is running a survey on software security that some
>>>> of you may be interested in participating in. Try it yourself here:
>>>>
>>>> http://www.bankinfosecurity.com/surveys.php?surveyID=1
>>>>
>>> Hmmm. http://validator.w3.org says there are 973 errors on that page.
>>>

--
Jim Manico, Senior Application Security Engineer
[EMAIL PROTECTED] | [EMAIL PROTECTED]
(301) 604-4882 (work)
(808) 652-3805 (cell)

Aspect Security™
Securing your applications at the source
http://www.aspectsecurity.com

---------------------------------------------------------------
Management, Developers, Security Professionals ...
... can only result in one thing. BETTER SECURITY.
http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference
Sept 22nd-25th 2008
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________