At 08:01 AM 22/12/2009, Mike Boberski wrote:
Hi Gary.

To play devil's advocate:

Current organizational practices aside, I would say that organizations really need more and better toolkits and standards for developers to use, than they need more and better committees.

I'd have to agree - whilst SSG is probably a great opportunity for a management consultant, it rarely delivers anything directly useful. In fact I would go as far as to say that if a SSG delivers something useful, the organisation was already ready to deliver the changes. Committees rarely take direct ownership of a problem.

Toolsets may or may not deliver results - depending on if there are ways around them - too often you hear the excuse "we can't waste time with that - the business won't wait"

However toolset will work if you have a good properly supported securty mgmt function :)



Secure Coding mailing list (SC-L)
List information, subscriptions, etc -
List charter available at -
SC-L is hosted and moderated by KRvW Associates, LLC (
as a free, non-commercial service to the software security community.

Reply via email to