rtunately for the WAF vendors, people can
just use a static source
> code analysis tool or a web application vulnerability scanner instead of
> purchasing and deploying a WAF.
>
> Michael
>
>> Date: Mon, 30 Jun 2008 09:17:34 -0500
>> From: [EMAIL PROTECTED]
>> To: [EMAIL PROTECTED]
>> CC: SC-L@securecoding.org
Gunnar -- agreed. And for all the "fake security" in the
name of PCI going on right now out there -- let's also
keep in mind that it is completely valid and legitimate
to attempt to operationalize software security.
We scoff because to date it hasn't been done well (at all).
That is just as much a
bility scanner instead of purchasing
and deploying a WAF.
Michael
> Date: Mon, 30 Jun 2008 09:17:34 -0500
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> CC: SC-L@securecoding.org
> Subject: Re: [SC-L] InternetNews Realtime IT News - Merchants Cope With PCI
> Compliance
At 9:44 AM -0400 6/30/08, Kenneth Van Wyk wrote:
> Happy PCI-DSS 6.6 day, everyone. (Wow, that's a sentence you don't
> hear often.)
>
> http://www.internetnews.com/ec-news/article.php/3755916
>
> In talking with my customers over the past several months, I always
> find it interesting that
for the vast majority of the profession - slamming the magic pizza box in a rack
is more preferable than talking to developers. in many cases the biggest barrier
to getting better security in companies is the so-called information security
group. it has very little to do with technology, it's a
Happy PCI-DSS 6.6 day, everyone. (Wow, that's a sentence you don't
hear often.)
http://www.internetnews.com/ec-news/article.php/3755916
In talking with my customers over the past several months, I always
find it interesting that the vast majority would sooner have root
canal than submit t