hi sc-l,
this month's darkreading column is about compliance. my own belief is
that compliance has really helped move software security forward. in
particular, sox and pci have been a boon:
http://www.darkreading.com/document.asp?doc_id=119163
what do you think? have compliance efforts you
Maybe it depends on the vertical? What vertical(s) did you find it a
distraction in?
gem
-Original Message-
From: Michael Silk [mailto:[EMAIL PROTECTED]
Sent: Mon Mar 12 17:34:56 2007
To: Gary McGraw
Cc: SC-L@securecoding.org
Subject: Re: [SC-L] Darkreading:
On 3/13/07, Gary McGraw [EMAIL PROTECTED] wrote:
hi sc-l,
this month's darkreading column is about compliance. my own belief is
that compliance has really helped move software security forward. in
particular, sox and pci have been a boon:
what do you think? have compliance efforts you know about helped to
forward software security?
Compliance brings accountability. Without accountability or financial
impact, people have little incentive for putting security on the
priority list. I for one welcome our compliance overlords.
Ed Reed wrote:
For a long time I thought that software product liability would
eventually be forced onto developers in response to their long-term
failure to take responsibility for their shoddy code. I was mistaken.
The pool of producers (i.e., the software industry) is probably too small
On Mon, 12 Mar 2007, Crispin Cowan wrote:
Ed Reed wrote:
For a long time I thought that software product liability would
eventually be forced onto developers in response to their long-term
failure to take responsibility for their shoddy code. I was mistaken.
The pool of producers (i.e.,