Re: [SC-L] OWASP Publicity

2007-11-16 Thread Leichter, Jerry
| ...I've never understood why it is that managers who would never dream
| of second-guessing an electrician about electrical wiring, a
| construction engineer about wall bracing, a mechanic about car
| repairs, will not hesitate to believe - or at least act as though they
| believe - they know better than their in-house experts when it comes
| to what computer, especially software, decisions are appropriate, and
| use their management position to dictate choices based on their
| inexpert, incompletely informed, and often totally incompetent
| opinions.  (Not just security decisions, either, though that's one of
| the cases with the most unfortunate consequences.)
This is perhaps the most significant advantage to licensing and other
forms of official recognition of competence.  At least in theory, a
licensed professional is bound by an officially-sanctioned code of
conduct to which he has to answer, regardless of his employment chain
of command.

In reality, of course, things are not nearly so simple, along many
dimensions.  Theory and practice are often very different.  However ...
the next time you run into a situation where you are forced into
a technically bad decision because some salesman took a VP to a nice
golf course - imagine that you could pull down some official regulation
that supported your argument.  The world has many shades of gray.

-- Jerry
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___


[SC-L] podcast (IT Conversations)

2007-11-16 Thread Gary McGraw
hi sc-l,

In a recent episode of the IT Conversations podcast, the hosts and I discussed 
online games and software security at length.  This was a pretty geeky 
conversation that was lots of fun.

Listen to it here:
http://itc.conversationsnetwork.org/shows/detail3436.html

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com
