I've posted a rant on training security to QA people. The security industry needs to re-align its training expectations for QA http://www.cgisecurity.com/2009/02/the-security-industry-needs-to-realign-its-training-expectations-for-qa.html
Regards, - Robert http://www.cgisecurity.com/ http://www.webappsec.org/ ---------------------------------------------------------------------------- Join WASC on IRC: irc.freenode.net #webappsec _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________