On 8/26/08 3:03 PM, "ljknews" <[EMAIL PROTECTED]> wrote:

> I am not interested in dealing with people who cannot get
> the simple things right.

Right. Because we all know that the HTML, xHTML, DHTML, CSS, and the related 
standards are really simple. Nothing to it. Writing valid HTML in our 
applications is a snap. And when management says "so, why are we a week late 
getting the application into production?" they'll be pleased to hear that it 
was to make sure the HTML on all 300 screens validated. Never mind that the app 
was satisfying its users and business owners when it didn't validate. It's 
important to make the validation programs happy, not the users or the business.

As it is, web applications are shoved out the door with insufficient attention 
paid to their functional capabilities. Then there's the insufficient attention 
paid to their security capabilities. Standards compliance is orthogonal to all 
that. I'd rather have a functional and sufficiently secure web site that was 
non-compliant than one that was compliant but lacking in functionality or 
security.

Either way, I think Gary's point in putting the survey out on this list was to 
see if we were interested in the survey. It's a shame we've gone off on a 
tangent about the value of validating HTML.

Paco
--
Paco Hope, CISSP
Technical Manager, Cigital, Inc
http://www.cigital.com/ * +1.703.585.7868
Software Confidence. Achieved.

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
