At 08:01 AM 22/12/2009, Mike Boberski wrote:
Hi Gary.
To play devil's advocate:
Current organizational practices aside, I would say that
organizations really need more and better toolkits and standards for
developers to use, than they need more and better committees.
I'd have to agree - whilst SSG is probably a great opportunity for a
management consultant, it rarely delivers anything directly useful.
In fact I would go as far as to say that if a SSG delivers something
useful, the organisation was already ready to deliver the changes.
Committees rarely take direct ownership of a problem.
Toolsets may or may not deliver results - depending on if there are
ways around them - too often you hear the excuse "we can't waste time
with that - the business won't wait"
However toolset will work if you have a good properly supported
securty mgmt function :)
Cheers
Bret
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
