Re: [SC-L] Missing the point?

2004-04-26 Thread Crispin Cowan
Michael A. Davis wrote: A Network World article, http://www.nwfusion.com/news/2004/0419codereview.html, discusses the various MS patches that came out last week. Ellen Messmer, the author, talks about the many companies and startups that are selling products to help with code auditing and testing

RE: [SC-L] Missing the point?

2004-04-23 Thread Michael S Hines
esday, April 20, 2004 11:34 AM To: [EMAIL PROTECTED] Subject: [SC-L] Missing the point? A Network World article, http://www.nwfusion.com/news/2004/0419codereview.html, discusses the various MS patches that came out last week. Ellen Messmer, the author,

RE: [SC-L] Missing the point?

2004-04-21 Thread Peter Amey
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Behalf Of Pascal Meunier > Sent: 20 April 2004 20:00 > To: Michael A. Davis > Cc: [EMAIL PROTECTED] > Subject: Re: [SC-L] Missing the point? > > [snip] > However, the PSP and

Re: [SC-L] Missing the point?

2004-04-21 Thread Jared W. Robinson
> Does anyone know more about the Fortify product? Gary mentioned it in > his webcast the other day. Details are sketchy on the Fortify product. It's supposed to be able to analyze C, C++ and Java. See http://fortifysoftware.com and contact them directly if you want to evaluate their product. Se

RE: [SC-L] Missing the point?

2004-04-21 Thread Michael A. Davis
> While you are exactly right that developers write bad code, > > we shouldn't leave the developers out in the cold and just > say "You are the problem. > Learn to write better code." If there are code auditing and Ah, my original email wasn't v

RE: [SC-L] Missing the point?

2004-04-20 Thread Alun Jones
[EMAIL PROTECTED] wrote: > Michael A. Davis wrote: >> Isn't she missing the point? It is not the source code that is the >> problem -- it is the developer. > > Well of course you can improve the quality of your code by > educating your developers, but you cannot avoid doing code review. > Develo

Re: [SC-L] Missing the point?

2004-04-20 Thread Nash
On Tue, Apr 20, 2004 at 02:55:34PM -0400, Paco Hope wrote: > > Right now, most developers use the raw ingredients and an old wood oven to > bake their bread. Debates rage over what kind of flour or salt to use. If > we can put a bread machine on their desk, give them better ingredients, and > sh

Re: [SC-L] Missing the point?

2004-04-20 Thread Pascal Meunier
On Apr 20, 2004, at 11:34 AM, Michael A. Davis wrote: Isn't she missing the point? It is not the source code that is the problem -- it is the developer. Thoughts? No, it's the processes (training, development, QA, QC, etc...). Everyone makes stupid mistakes. If you rely solely on the developers

Re: [SC-L] Missing the point?

2004-04-20 Thread Pascal Meunier
P.S.: I meant "wise", not "smart" people in my answer below. There are lots of smart people doing unwise things :-). I also meant that without criticism of anyone in particular and more in admiration of people who actually do it successfully ;-) Cheers, Pascal On Apr 20, 2004, at 11:34 AM, M

Re: [SC-L] Missing the point?

2004-04-20 Thread Paco Hope
On 4/20/04 12:34 PM, "Michael A. Davis" <[EMAIL PROTECTED]> wrote: > Isn't she missing the point? It is not the source code that is the > problem -- it is the developer. You can bake bread with flour, water, salt, yeast, and an old wood oven. You can also buy a bread machine and a kit with pre-mix

Re: [SC-L] Missing the point?

2004-04-20 Thread Mads Rasmussen
Michael A. Davis wrote: Isn't she missing the point? It is not the source code that is the problem -- it is the developer. Well of course you can improve the quality of your code by educating your developers, but you cannot avoid doing code review. Developers are lazy and they will commit errors

Re: [SC-L] Missing the point?

2004-04-20 Thread Dave Aronson
On Tue April 20 2004 12:34, Michael A. Davis wrote: > It is not the source code that is the > problem -- it is the developer. The proof of the developer's grokking of secure coding, is in the code. -- Dave Aronson, Senior Software Engineer, Secure Software Inc. Email me at: work (D0T) 2004 (@

[SC-L] Missing the point?

2004-04-20 Thread Michael A. Davis
A Network World article, http://www.nwfusion.com/news/2004/0419codereview.html, discusses the various MS patches that came out last week. Ellen Messmer, the author, talks about the many companies and startups that are selling products to help with co