Re: [SC-L] Perspectives on Code Scanning

2007-06-10 Thread Carl Alphonce
[Apologies for this reply being a bit behind the discussion - I originally submitted it from a different e-mail account than the one I subscribed with, and so it sailed off to /dev/null.] On Wed Jun 6 18:59 , Michael Silk [EMAIL PROTECTED] sent: On 6/7/07, McGovern, James F (HTSC, IT) [EMAIL

Re: [SC-L] Perspectives on Code Scanning

2007-06-10 Thread Paolo Perego
Hi there, I found this thread very interesting. It's true that developers are the ones who remediate code insecurity and executives care about how much effort has to be spent on closing branches. Indeed I think the two categories need a tool approaching the same

Re: [SC-L] Perspectives on Code Scanning

2007-06-07 Thread Steven M. Christey
On Thu, 7 Jun 2007, Michael Silk wrote: and that's the problem. the accountability for insecure coding should reside with the developers. it's their fault [mostly]. The customers have most of the power, but the security community has collectively failed to educate customers on how to ask for

Re: [SC-L] Perspectives on Code Scanning

2007-06-07 Thread Michael S Hines
and that's the problem. the accountability for insecure coding should reside with the developers. it's their fault [mostly]. The customers have most of the power, but the security community has collectively failed to educate customers on how to ask for more secure software. There are pockets

Re: [SC-L] Perspectives on Code Scanning

2007-06-07 Thread SC-L Subscriber Dave Aronson
McGovern, James F (HTSC, IT) [mailto:[EMAIL PROTECTED] writes: the value of tools in this space are not really targeted at developers but should be targeted at executives who care about overall quality and security folks who care about risk. While developers are the ones to remediate,

Re: [SC-L] Perspectives on Code Scanning

2007-06-07 Thread der Mouse
--- the software should work and be secure (co-requirements). And already we have trouble, because this immediately raises not only the question "what does `work' mean?" but also "secure against what?". And answering that correctly requires input from the customer. Which we (TINW) won't have until

Re: [SC-L] Perspectives on Code Scanning

2007-06-07 Thread Shea, Brian A
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of der Mouse Sent: Thursday, June 07, 2007 8:07 AM To: SC-L@securecoding.org Subject: Re: [SC-L] Perspectives on Code Scanning --- the software should work and be secure (co-requirements). And already we have trouble, because this immediately

Re: [SC-L] Perspectives on Code Scanning

2007-06-07 Thread der Mouse
And answering that [secure against what?] correctly requires input from the customer. Which we (TINW) won't have until customers recognize a need for security and get enough clue to know what they want to be secure against. If you are asserting that the customer must tell you how many

Re: [SC-L] Perspectives on Code Scanning

2007-06-07 Thread Arian J. Evans
inline On 6/6/07, McGovern, James F (HTSC, IT) [EMAIL PROTECTED] wrote: I really hope that this email doesn't generate a ton of offline emails and hope that folks will talk publicly. It has been my latest thinking that the value of tools in this space are not really targeted at developers but

[SC-L] Perspectives on Code Scanning

2007-06-06 Thread McGovern, James F (HTSC, IT)
I really hope that this email doesn't generate a ton of offline emails and hope that folks will talk publicly. It has been my latest thinking that the value of tools in this space are not really targeted at developers but should be targeted at executives who care about overall quality and

Re: [SC-L] Perspectives on Code Scanning

2007-06-06 Thread Michael Silk
On 6/7/07, McGovern, James F (HTSC, IT) [EMAIL PROTECTED] wrote: I really hope that this email doesn't generate a ton of offline emails and hope that folks will talk publicly. It has been my latest thinking that the value of tools in this space are not really targeted at developers but