On Nov 26, 2008, at 9:19 AM, Gary McGraw wrote:
I think this idea of regional differences is worth exploring a bit. In my work at cigital I have come to believe that there is a difference in approach between the east coast of the US and the west coast.
I completely agree here. Stephen raises a fascinating point.I don't know what I did {right|wrong}, but the vast majority of my clients are in Europe or Southeast Asia right now. (I'm a dual EU/US citizen, which perhaps helps.) Apart from all the air miles, I've seen vast differences that seem--at least on the surface via casual observation--to have a regional component. Contrasting US East, West, EU, and Asia, there are big differences in such areas as:
- Software process. I see more process-heavy dev in US East and Europe, with far less of it in US West and Asia, for instance.
- Security teams. I see a pretty solid line between IT security and software dev teams in US East and Asia, with lines being more blurred in US West and EU. This seems to be central to Stephen's point, if I understand correctly. And it's a good point to consider.
- Security testing. ...The list goes on. Unfortunately, all I have are casual observations, but the "climate differences" seem palpable to me.
Cheers, Ken ----- Kenneth R. van Wyk KRvW Associates, LLC http://www.KRvW.com
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
