On Apr 7, 2005 12:43 PM, Blue Boar [EMAIL PROTECTED] wrote:
Michael Silk wrote:
See, you are considering 'security' as something extra again. This is
not right.
It is extra. It's extra time and effort. And extra testing. And extra
backtracking and schedule slipping when you realize you
Michael Silk wrote:
See, you are considering 'security' as something extra again. This is
not right.
It is extra. It's extra time and effort. And extra testing. And extra
backtracking and schedule slipping when you realize you blew something.
All before it hits beta.
Any solution that ends
Michael Silk wrote:
Consider the bridge example brought up earlier. If your bridge builder
finished the job but said: ohh, the bridge isn't secure though. If
someone tries to push it at a certain angle, it will fall.
All bridges have certain limits. There is difference between a
footbridge and
Greetings++,
Another interesting article this morning, this time from eSecurityPlanet.
(Full disclosure: I'm one of their columnists.) The article, by Melissa
Bleasdale and available at
http://www.esecurityplanet.com/trends/article.php/3495431, is on the general
state of application
Quoting from the article:
''You can't really blame the developers,''
I couldn't disagree more with that ...
It's completely the developers fault (and managers). 'Security' isn't
something that should be thought of as an 'extra' or an 'added bonus'
in an application. Typically it's just about
PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael Silk
Sent: Wednesday, April 06, 2005 9:40 AM
To: Kenneth R. van Wyk
Cc: Secure Coding Mailing List
Subject: Re: [SC-L] Application Insecurity --- Who is at Fault?
Quoting from
And I couldn't disagree more with your perspective, except for your
inclusion of managers in parenthesis.
Developers take direction and instruction from management, they are not
autonomous entities. If management doesn't make security a priority,
then only so much secure/defensive code can be
Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Michael Silk
Sent: Wednesday, April 06, 2005 8:40 AM
To: Kenneth R. van Wyk
Cc: Secure Coding Mailing List
Subject: Re: [SC-L] Application Insecurity --- Who is at Fault?
Quoting from the article:
''You can't really blame
Wyk [EMAIL PROTECTED]
Cc: Secure Coding Mailing List SC-L@securecoding.org
Sent: Wednesday, April 06, 2005 9:40 AM
Subject: Re: [SC-L] Application Insecurity --- Who is at Fault?
Quoting from the article:
''You can't really blame the developers,''
I couldn't disagree more with that ...
It's
-
From: Michael Silk [EMAIL PROTECTED]
To: Kenneth R. van Wyk [EMAIL PROTECTED]
Cc: Secure Coding Mailing List SC-L@securecoding.org
Sent: Wednesday, April 06, 2005 9:40 AM
Subject: Re: [SC-L] Application Insecurity --- Who is at Fault?
Quoting from the article:
''You can't really
]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael Silk
Sent: Wednesday, April 06, 2005 9:40 AM
To: Kenneth R. van Wyk
Cc: Secure Coding Mailing List
Subject: Re: [SC-L] Application Insecurity --- Who is at Fault?
Quoting from
Inline
On Apr 7, 2005 1:06 AM, Dave Paris [EMAIL PROTECTED] wrote:
And I couldn't disagree more with your perspective, except for your
inclusion of managers in parenthesis.
Developers take direction and instruction from management, they are not
autonomous entities. If management doesn't
12 matches
Mail list logo
