> 1. I haven't gotten a sense that a bakeoff matters. For example, if I wanted
> to write a simple JSP application, it really doesn't matter if I use Tomcat,
> Jetty, Resin or BEA from a functionality perspective while they may each have
> stuff that others don't, at the end of the day they are all
doing myself a huge disservice and should instead
focus on a boutique.
-Original Message-
From: Paco Hope [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 04, 2007 9:33 AM
To: McGovern, James F (HTSC, IT); sc-l@securecoding.org
Subject: RE: [SC-L] Building Security In vs Auditing
> Gary
> Gary, I would love a little refinement of the benefits to badnessometers.
> Let's say I get a tool to tell me something I already suspect is wrong,
> what percentage of the population are better than they expected?
I won't speak for Gary, but working a few doors down I have seen a few of the
sa
CTED]
Sent: Tuesday, January 02, 2007 1:35 PM
To: McGovern, James F (HTSC, IT); sc-l@securecoding.org
Subject: RE: [SC-L] Building Security In vs Auditing
Hi all,
Very good questions.
I think a service like the one you describe would be useful mostly as a way of
identifying the depth of the problem. Simply wielding a tool as a consultant
does nothing to train the guys creating bugs not to do so in the future...and
so the market will correct t
At 9:46 AM -0500 1/2/07, McGovern, James F (HTSC, IT) wrote:
> I read a recent press release in which a security vendor (names removed
> to both protect the innocent along with the fact that it doesn't matter
> for this discussion) partnered with a prominent outsourcing firm. The
> press release