Hi Mark,
What I have seen is that the organization develops security
standards/guidelines and secure coding guidelines tailored to the org.
If the org is big enough to have its own security team, then they do
it; if not, then they hire consultants to do it. It's not too
difficult to find out
At 9:03 PM -0500 11/26/08, Mark Rockman wrote:
OK. So you decide to outsource your programming assignment to Asia and
demand that they deliver code that is so locked down that it cannot
misbehave. How can you tell that what they deliver is truly locked down?
Will you wait until it gets hacked?
... and demand that they deliver code that is so locked down that it
cannot misbehave.
Your premise is so incorrect that I advise that if you are truly
interested in answering your questions (as opposed to a purely
academic or other exercise), then you should hire a security
specialist to help
OK. So you decide to outsource your programming assignment to Asia
and demand that they deliver code that is so locked down that it cannot
misbehave. How can you tell that what they deliver is truly locked
down? Will you wait until it gets hacked? What simple yet thorough
inspection process