Secure Coding mailing list archives

Darkreading: compliance

From: gem at cigital.com (Gary McGraw)
Date: Mon, 12 Mar 2007 17:38:09 -0400

Maybe it depends on the vertical?   What vertical(s) did you find it a distraction in?

gem

 -----Original Message-----
From:   Michael Silk [mailto:michaelslists at gmail.com]
Sent:   Mon Mar 12 17:34:56 2007
To:     Gary McGraw
Cc:     SC-L at securecoding.org
Subject:        Re: [SC-L] Darkreading: compliance

On 3/13/07, Gary McGraw <gem at cigital.com> wrote:


hi sc-l,

this month's darkreading column is about compliance.  my own belief is
that compliance has really helped move software security forward.  in
particular, sox and pci have been a boon:

http://www.darkreading.com/document.asp?doc_id=119163

what do you think?  have compliance efforts you know about helped to
forward software security?




no. my feeling is that it focuses management on unimportant things like
meeting checkpoints rather then actually doing useful things.


gem


company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com




----------------------------------------------------------------------------
This electronic message transmission contains information that may be
confidential or privileged.  The information contained herein is intended
solely for the recipient and use by any other party is not authorized.  If
you are not the intended recipient (or otherwise authorized to receive
this
message by the intended recipient), any disclosure, copying, distribution
or
use of the contents of the information is prohibited.  If you have
received
this electronic message transmission in error, please contact the sender
by
reply email and delete all copies of this message.  Cigital, Inc. accepts
no
responsibility for any loss or damage resulting directly or indirectly
from
the use of this email or its contents.
Thank You.

----------------------------------------------------------------------------

_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc -
http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________




-- 
mike
00110001 <3 00110111




----------------------------------------------------------------------------
This electronic message transmission contains information that may be
confidential or privileged.  The information contained herein is intended
solely for the recipient and use by any other party is not authorized.  If
you are not the intended recipient (or otherwise authorized to receive this
message by the intended recipient), any disclosure, copying, distribution or
use of the contents of the information is prohibited.  If you have received
this electronic message transmission in error, please contact the sender by
reply email and delete all copies of this message.  Cigital, Inc. accepts no
responsibility for any loss or damage resulting directly or indirectly from
the use of this email or its contents.
Thank You.
----------------------------------------------------------------------------

Current thread:

Darkreading: compliance Gary McGraw (Mar 12)
- Darkreading: compliance bugtraq at cgisecurity.net (Mar 12)
- Darkreading: compliance Michael Silk (Mar 12)
  - Darkreading: compliance Steven M. Christey (Mar 12)
  - Darkreading: compliance Bruce Ediger (Mar 13)
- Darkreading: compliance Benjamin Tomhave (Mar 30)
  - Darkreading: compliance ljknews (Mar 30)
- <Possible follow-ups>
- Darkreading: compliance Gary McGraw (Mar 12)
- Darkreading: compliance Gary McGraw (Mar 13)
  - Darkreading: compliance Michael Silk (Mar 13)