Re: [SC-L] any one a CSSLP is it worth it?

2010-04-14 Thread Wieneke, David A.
Having a CISSP certification I know it is more than just passing the test. You are not certified as a CISSP until you have another CISSP attest to your qualifications and you submit a detail resume of your security experience by domain to (ISC)2 auditors. If the auditors do not feel your

Re: [SC-L] Security in QA is more than exploits

2009-02-04 Thread Wieneke, David A.
Before anyone talks about vulnerabilities to test for, we have to figure out what the business cares about and why. What could go wrong? Who cares? What would the impact be? Answers to those questions drive our testing strategy, and ultimately our test plans and test cases. We have to figure