Re: [SC-L] InformIT: comparing static analysis tools

2011-02-05 Thread Chris Eng
-Original Message- From: Jim Manico [mailto:jim.man...@owasp.org] Sent: Friday, February 04, 2011 11:34 PM To: Chris Eng Cc: Chris Wysopal; Secure Code Mailing List Subject: Re: [SC-L] InformIT: comparing static analysis tools Hello Chris, Thanks for replying! I think the reaction

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Prasad N Shenoy
Very well said Chris. Can you explain what you mean by <bias-alert>I think SaaS based software is more easily consumed and this isn't any different for software security</bias-alert> Sent from my iPhone On Feb 3, 2011, at 2:54 PM, Chris Wysopal cwyso...@veracode.com wrote: <bias-alert>I think

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Steven M. Christey
Jim, Maybe you would have had more success if you explicitly said "in the cloud" ;-) - Steve On Thu, 3 Feb 2011, Jim Manico wrote: Chris, I've tried to leverage Veracode in recent engagements. Here is how the conversation went: Jim: Boss, can I upload all of your code to this cool SaaS

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Ben Laurie
On 3 February 2011 16:02, Jim Manico jim.man...@owasp.org wrote: Chris, I've tried to leverage Veracode in recent engagements. Here is how the conversation went: Jim: Boss, can I upload all of your code to this cool SaaS service for analysis? Client: Uh no, and next time you ask, I'm

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Chris Wysopal
: Jim Manico [mailto:jim.man...@owasp.org] Sent: Thursday, February 03, 2011 7:02 PM To: Chris Wysopal Cc: Gary McGraw; Secure Code Mailing List Subject: Re: [SC-L] InformIT: comparing static analysis tools Chris, I've tried to leverage Veracode in recent engagements. Here is how

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Chris Wysopal
” benefits kick in. -Chris From: Prasad N Shenoy [mailto:prasad.she...@gmail.com] Sent: Thursday, February 03, 2011 9:02 PM To: Chris Wysopal Cc: Gary McGraw; Secure Code Mailing List Subject: Re: [SC-L] InformIT: comparing static analysis tools Very well said Chris. Can you explain what you mean

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Jeremiah Grossman
Hi Gary, No offense taken. :) Securing Web software is a plenty big enough challenge for me. 270+ million websites accessible to 2 billion people. And let's not even go into the hundreds of thousands of mobile apps, which are basically all mini webapps. After I'm done solving that problem I'll

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Prasad N Shenoy
the problem). Sorry, I couldn't help myself. :) -Chris From: Ben Laurie [mailto:b...@google.com] Sent: Friday, February 04, 2011 11:34 AM To: Jim Manico Cc: Chris Wysopal; Secure Code Mailing List Subject: Re: [SC-L] InformIT: comparing static analysis tools On 3

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Arian J. Evans
, February 04, 2011 11:34 AM To: Jim Manico Cc: Chris Wysopal; Secure Code Mailing List Subject: Re: [SC-L] InformIT: comparing static analysis tools On 3 February 2011 16:02, Jim Manico jim.man...@owasp.org wrote: Chris, I've tried to leverage Veracode in recent engagements. Here is how

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Jim Manico
Hello Chris, Thanks for replying! I think the reaction from my boss was not so much knee-jerk, but a reasonable concern. The risk of persisting intellectual property on a cloud service is real. And that risk differs depending on your business (as well as many other factors). I'm eager to see

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-03 Thread Jim Manico
Hey Gary, Nice article. A brief note, Ounce is dead. The product was renamed IBM Rational AppScan Source Edition after IBM's acquisition of Ounce. Small matter but for what it's worth, Jim hi sc-l, John Steven and I recently collaborated on an article for informIT. The article is called

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-03 Thread John Steven
All, I followed this article up with a blog entry, more targeted at adopting organizations. I hope you find it useful: http://www.cigital.com/justiceleague/2011/02/02/if-its-so-hard-why-bother/ John Steven Senior Director; Advanced Technology Consulting Desk: 703.404.9293 x1204 Cell:

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-03 Thread Jim Manico
Chris, I've tried to leverage Veracode in recent engagements. Here is how the conversation went: Jim: Boss, can I upload all of your code to this cool SaaS service for analysis? Client: Uh no, and next time you ask, I'm having you committed. I'm sure you have faced these objections before.

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-03 Thread Arian J. Evans
Great article, Gary. Many of your comments about static technology challenges I have seen and verified first-hand, including multi-million dollar cost overruns. After some great dialogue with John Stevens, I suspect we have had similar experiences. I was just about to write a similar article at a