Brian Chess wrote:
> I like your point Matt. Everybody who's responded thus-far has wanted to
> turn this into a discussion about what's most effective or what has the most
> benefit, sort of like we were comparing which icky medicine to take or which
> overcooked vegetable to eat. Maybe they don't get any pleasure from the
> work itself.

I take exception to that use of "everybody". My response was based solely on my *preference*, which is what my understanding of Matt was originally asking. But SC-L being the mailing list of many tangents, well...

And again, for the record, I *enjoy* both pen testing and static code analysis, but I _personally_ prefer doing static code analysis, if for no other reason than that it generally allows me to work closer to the development teams where I can better suggest appropriate mitigation.

Of course, my post (at least the original one) wasn't controversial enough to stir up the pot and cause it to go off in some other direction, so it may have flown past you under the radar. Not that that matters. OTOH, I don't want to be lumped into the "everybody" category especially when that list includes those who can't follow simple directions. ;-)

Regards,
-kevin
--
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents." -- Nathaniel Borenstein, co-creator of MIME
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________