[mailto:alain.desau...@swift.com]
Sent: Monday, January 04, 2010 7:23 AM
To: Gary McGraw; Secure Code Mailing List; Steve Lipner
Cc: list-s...@secureconsulting.net; David Ladd
Subject: RE: [SC-L] InformIT: You need an SSG
[now posted on sc-l]
I agree that in an ideal world, security would
Hi ben,
I would be very much interested in Steve Lipner's opinion here, because Steve
ran the IR program at Microsoft a decade ago before he was recruited to lead
the SSG. Steve, if you would, please take a look at this thread and let us
know what your thinking is RE integrating an IR group
At 08:01 AM 22/12/2009, Mike Boberski wrote:
Hi Gary.
To play devil's advocate:
Current organizational practices aside, I would say that
organizations really need more and better toolkits and standards for
developers to use, than they need more and better committees.
I'd have to agree -
Mike Boberski mike.bober...@gmail.com wrote:
A toolkit example that comes to mind, to keep this email short: the
highly-matrixed environment (and actually also the smaller environment, now
that I think about it) where developers fly on and off projects.
I don't quite grok what you're saying
hi bret and mike,
While you guys are certainly entitled to your opinion, I think it is important
to acknowledge facts when you state an argument. Please take a few minutes to
read the article I posted on SSGs (this committee language you're both using
is very humorous BTW...thanks for the
I think the short-term assertion is sound (set up a group to make a push
in training, awareness, and integration with SOP), but I'm not convinced
the long-term assertion (that is, maintaining the group past the initial
push) is in fact meritorious. I think there's a danger in setting up
dedicated
hi ben,
You may be right. We have observed that the longer an initiative is underway
(we have one in the study that checks in at 14 years old), the more actual
activity tends to get pushed out to dev. You may recall from the BSIMM that we
call this the satellite. Microsoft has an extensive
station ad goes.
Best,
Mike B.
-Original Message-
From: sc-l-boun...@securecoding.org [mailto:sc-l-boun...@securecoding.org] On
Behalf Of Gary McGraw
Sent: Tuesday, December 22, 2009 12:09 PM
To: list-s...@secureconsulting.net; Secure Code Mailing List
Subject: Re: [SC-L] InformIT: You
hi sc-l,
This list is made up of a bunch of practitioners (more than a thousand from
what Ken tells me), and we collectively have many different ways of promoting
software security in our companies and our clients. The BSIMM study
http://bsi-mm.com focuses attention on software security in
Hi Gary.
To play devil's advocate:
Current organizational practices aside, I would say that organizations
really need more and better toolkits and standards for developers to use,
than they need more and better committees.
A toolkit example that comes to mind, to keep this email short: the
...@informit.com
*Subject:* Re: [SC-L] InformIT: You need an SSG
I dunno, the concept of SSG seems overly broad to me. Looking at security
libraries as a feature or a module eliminates the us vs. them paradox.
Adding a new second security group is just twice as confrontational to the
still