Gary,

Could you elaborate a bit more? Specifically, what kind of incentives do you have in mind? How would they work?
The debate about what to do to improve software security at a national or larger scale is mostly populated with abstractions and generic ideas but the enumeration and description of concrete, specific measures to deploy is notably scant.

-ivan

On 8/3/12 9:32 AM, Gary McGraw wrote:
> hi greg,
>
> Good question. I'm biased of course, but I think a BSIMM type measurement
> is the best way to approach this. (See http://bsimm.com.) However,
> regardless of measurement I strongly believe that incentives are way
> better than regulations and penalties.
>

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________