On Dec 3, 2007 8:34 AM, silky [EMAIL PROTECTED] wrote:
how does anyone know how to hire anyone for a job that they themselves
aren't qualified for? well, you pay professionals to do it.
recruitment agents. this should be part of their role. and absolutely
agreed; most certification is
On Nov 29, 2007 3:47 PM, Kenneth Van Wyk [EMAIL PROTECTED] wrote:
The article quotes David Rice, who has a book out called
Geekconomics: The Real Cost of Insecure Software. In it, he tried
to quantify how much insecure software costs the public and, more
controversially, proposes a
On Nov 30, 2007 1:37 PM, Steven M. Christey [EMAIL PROTECTED] wrote:
Software vendors will need a 3 tier approach to software security: Dev
training and certification, internal source testing, external
independent audit and rating.
I don't think I've seen enough emphasis on this latter
On Nov 29, 2007 5:13 PM, Andy Steingruebl [EMAIL PROTECTED] wrote:
I like contractual approaches to this problem myself. People buying
large quantities of software (large enterprises, governments) should
get contracts with vendors that specify money-back for each patch they
have to apply
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Leichter, Jerry
Sent: Friday, November 30, 2007 6:28 AM
To: der Mouse
Cc: SC-L@securecoding.org
Subject: Re: [SC-L] Insecure Software Costs US $180B per Year -
Application and Perimeter Security News Analysis - Dark Reading
Just as a traditional manufacturer would pay less tax by
becoming greener, the software manufacturer would pay less
tax for producing cleaner code, [...]
And all of this completely ignores the $0 software market. Who
gets hit with tax when a bug is found in, say, the Linux
On Nov 29, 2007, at 6:35 PM, Leichter, Jerry wrote:
So he's not completely naive, though the history of security metrics
and standards - which tend to produce code that satisfies the standards
without being any more secure - should certainly give one pause.
One could, I suppose, give rebates
On Fri, 30 Nov 2007, Shea, Brian A wrote:
Software vendors will need a 3 tier approach to software security: Dev
training and certification, internal source testing, external
independent audit and rating.
I don't think I've seen enough emphasis on this latter item. A
sufficiently vibrant
| Just as a traditional manufacturer would pay less tax by
| becoming greener, the software manufacturer would pay less tax
| for producing cleaner code, [...]
|
| One could, I suppose, give rebates based on actual field experience:
| Look at the number of security problems
| FYI, there's a provocative article over on Dark Reading today.
| http://www.darkreading.com/document.asp?doc_id=140184
|
| The article quotes David Rice, who has a book out called
| Geekconomics: The Real Cost of Insecure Software. In it, he tried
| to quantify how much insecure software costs
On Nov 29, 2007 2:47 PM, Kenneth Van Wyk [EMAIL PROTECTED] wrote:
The article quotes David Rice, who has a book out called
Geekconomics: The Real Cost of Insecure Software. In it, he tried
to quantify how much insecure software costs the public and, more
controversially, proposes a
Just as a traditional manufacturer would pay less tax by
becoming greener, the software manufacturer would pay less
tax for producing cleaner code, [...]
One could, I suppose, give rebates based on actual field experience:
Look at the number of security problems reported
On Nov 29, 2007 6:07 PM, Blue Boar [EMAIL PROTECTED] wrote:
Andy Steingruebl wrote:
I like contractual approaches to this problem myself. People buying
large quantities of software (large enterprises, governments) should
get contracts with vendors that specify money-back for each patch