Gary, I would love a little refinement of the benefits to badnessometers.
Let's say I get a tool to tell me something I already suspect is wrong,
what percentage of the population are better than they expected?
I won't speak for Gary, but working a few doors down I have seen a few of the
same
: Tuesday, January 02, 2007 1:35 PM
To: McGovern, James F (HTSC, IT); sc-l@securecoding.org
Subject: RE: [SC-L] Building Security In vs Auditing
Hi all,
Very good questions.
I think a service like the one you describe would be useful mostly as a way of
identifying the depth of the problem
At 9:46 AM -0500 1/2/07, McGovern, James F (HTSC, IT) wrote:
I read a recent press release in which a security vendor (names removed
to both protect the innocent along with the fact that it doesn't matter
for this discussion ) partnered with a prominent outsourcing firm. The
press release was