Re: [SC-L] Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading

2007-12-04 Thread Pete Werner
On Dec 3, 2007 8:34 AM, silky [EMAIL PROTECTED] wrote: how does anyone know how to hire anyone for a job that they themselves aren't qualified for? well, you pay professionals to do it. recruitment agents. this should be part of their role. and absolutely agreed; most certification is

Re: [SC-L] Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading

2007-12-02 Thread Andre Gironda
On Nov 29, 2007 3:47 PM, Kenneth Van Wyk [EMAIL PROTECTED] wrote: The article quotes David Rice, who has a book out called Geekconomics: The Real Cost of Insecure Software. In it, he tried to quantify how much insecure software costs the public and, more controversially, proposes a

Re: [SC-L] Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading

2007-12-02 Thread Andre Gironda
On Nov 30, 2007 1:37 PM, Steven M. Christey [EMAIL PROTECTED] wrote: Software vendors will need a 3 tier approach to software security: Dev training and certification, internal source testing, external independent audit and rating. I don't think I've seen enough emphasis on this latter

Re: [SC-L] Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading

2007-12-02 Thread Andre Gironda
On Nov 29, 2007 5:13 PM, Andy Steingruebl [EMAIL PROTECTED] wrote: I like contractual approaches to this problem myself. People buying large quantities of software (large enterprises, governments) should get contracts with vendors that specify money-back for each patch they have to apply

Re: [SC-L] Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading

2007-11-30 Thread Shea, Brian A
Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Leichter, Jerry Sent: Friday, November 30, 2007 6:28 AM To: der Mouse Cc: SC-L@securecoding.org Subject: Re: [SC-L] Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading

Re: [SC-L] Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading

2007-11-30 Thread der Mouse
Just as a traditional manufacturer would pay less tax by becoming greener, the software manufacturer would pay less tax for producing cleaner code, [...] And all of this completely ignores the $0 software market. Who gets hit with tax when a bug is found in, say, the Linux

Re: [SC-L] Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading

2007-11-30 Thread Kenneth Van Wyk
On Nov 29, 2007, at 6:35 PM, Leichter, Jerry wrote: So he's not completely naive, though the history of security metrics and standards - which tend to produce code that satisfies the standards without being any more secure - should certainly give one pause. One could, I suppose, give rebates

Re: [SC-L] Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading

2007-11-30 Thread Steven M. Christey
On Fri, 30 Nov 2007, Shea, Brian A wrote: Software vendors will need a 3 tier approach to software security: Dev training and certification, internal source testing, external independent audit and rating. I don't think I've seen enough emphasis on this latter item. A sufficiently vibrant

Re: [SC-L] Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading

2007-11-30 Thread Leichter, Jerry
| Just as a traditional manufacturer would pay less tax by | becoming greener, the software manufacturer would pay less tax | for producing cleaner code, [...] | | One could, I suppose, give rebates based on actual field experience: | Look at the number of security problems

Re: [SC-L] Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading

2007-11-29 Thread Leichter, Jerry
| FYI, there's a provocative article over on Dark Reading today. | http://www.darkreading.com/document.asp?doc_id=140184 | | The article quotes David Rice, who has a book out called | Geekconomics: The Real Cost of Insecure Software. In it, he tried | to quantify how much insecure software costs

Re: [SC-L] Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading

2007-11-29 Thread Andy Steingruebl
On Nov 29, 2007 2:47 PM, Kenneth Van Wyk [EMAIL PROTECTED] wrote: The article quotes David Rice, who has a book out called Geekconomics: The Real Cost of Insecure Software. In it, he tried to quantify how much insecure software costs the public and, more controversially, proposes a

Re: [SC-L] Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading

2007-11-29 Thread der Mouse
Just as a traditional manufacturer would pay less tax by becoming greener, the software manufacturer would pay less tax for producing cleaner code, [...] One could, I suppose, give rebates based on actual field experience: Look at the number of security problems reported

Re: [SC-L] Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading

2007-11-29 Thread Andy Steingruebl
On Nov 29, 2007 6:07 PM, Blue Boar [EMAIL PROTECTED] wrote: Andy Steingruebl wrote: I like contractual approaches to this problem myself. People buying large quantities of software (large enterprises, governments) should get contracts with vendors that specify money-back for each patch