Dailydave mailing list archives
P's and C's of Internal Code Auditing ?
From: Orlando Padilla <xbud () g0thead com>
Date: Mon, 14 Feb 2005 14:21:00 -0500
Hi all,

I'm looking to formulate a good list of pros and cons on how having an *internal* code auditing team (working closely with Dev/QA) would provide more value than damage to a company's overall reputation. Most of the examples I've seen/read about, as in "Practical Cryptography" (Bruce and Niels) and "Building Secure Software" (Viega and McGraw), iirc, do elaborate on the value a security architect would provide during QA periods and, more importantly, during the design phase. However, they discredited these statements and their value by stating that the tradeoff between having a good standing in the security industry and what it costs to dish out secure applications doesn't pay off.
Is this really always the case?

I understand that some companies simply cannot afford the cost of having expensive 'Security Architects' work with their main dev teams, but I'd like to focus on the Fortune 100-500 corps who can.
I apologize ahead of time for re-posting a relatively popular question, but I failed to get anything useful out of Google or old mailing list archives on the topic.
Orlando
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave