For starters I believe you misinterpreted my comments on QA. I was in
no way slamming their abilities. With this in mind comments below.
On Wed, Feb 4, 2009 at 11:17 AM, Paco Hope p...@cigital.com wrote:
Before anyone talks about vulnerabilities to test for, we have to figure
out what the business cares about and why. What could go wrong? Who cares?
What would the impact be? Answers to those questions drive our testing
For starters I believe you misinterpreted my comments on QA. I was in
no way slamming their abilities. With this in mind comments below.
Sorry about that. I am sensitive to the bias. I went to a very small company
once (10 people total) and as I looked around I saw offices with big LCDs (I
On Wed, Feb 4, 2009 at 7:26 PM, Paco Hope p...@cigital.com wrote:
Andy also said I think we lose something when we start saying 'everything
is relative.' I think we lose something more important if we try to impose
absolutes: we lose the connection to the business. No business operates on
04, 2009 1:18 PM
To: SC-L@securecoding.org
Subject: Re: [SC-L] Security in QA is more than exploits
All,
I just read Robert's blog entry about re-aligning training expectations for
QA. (http://bit.ly/157Pc3) It has some useful points that both developers and
so-called security people need to hear. I disagree with some implicit biases,
however, and I think we need to get past some stereotypes