Re: [SC-L] How do we improve s/w developer awareness?

2004-12-02 Thread Brian Utterback
George Capehart wrote: Yes, assuming management cares . . . and that's *my* broken record . . . :) If the tone of my comments was a bit harsh, it is most emphatically not intended to be directed at your thoughts. It is only because of my intense frustration with the situation. When Management

RE: [SC-L] How do we improve s/w developer awareness?

2004-12-02 Thread Michael S Hines
I've been trying to get IT Auditors and the Audit community in general to apply the same due dilligence to operating systems (infrastructure or general controls) that they apply to applications systems testing. I'm not aware of anyone in the IT Audit community doing OS audits - to verify that

RE: [SC-L] How do we improve s/w developer awareness?

2004-12-02 Thread Shea, Brian A
FYI this is part of a notice that went out to financial institutions recently. Complete Financial Institution Letter: http://www.fdic.gov/news/news/financial/2004/fil12104.html Highlights: Management is responsible for ensuring that commercial off-the-shelf (COTS) software packages and

Re: [SC-L] How do we improve s/w developer awareness?

2004-12-02 Thread der Mouse
Changing liability laws on the other hand is a simple solution. But at what price? It would kill off open source completely, as far as I can see, in the jurisdiction(s) in question. (How many open source projects could afford to defend a liability suit even if they (a) wanted to and (b) had a

Re: [SC-L] How do we improve s/w developer awareness? [Virus Checked]

2004-12-02 Thread graham . coles
I have to say I find your comparison between bridge engineers and software engineers rather troubling. In response to your question: 'Would you accept it was too hard to do a stress analysis from the engineer designing a bridge?' I think, regrettably, we probably would do these days.

[no subject]

2004-12-02 Thread Dana Epp
[EMAIL PROTECTED] Subject: Re: [SC-L] How do we improve s/w developer awareness? Date: Thu, 2 Dec 2004 12:52:35 -0800 Sender: [EMAIL PROTECTED] Precedence: bulk Mailing-List: contact [EMAIL PROTECTED] ; run by MajorDomo List-Id: Secure Coding Mailing List sc-l.securecoding.org List-Post: