Secure Coding mailing list archives
Darkreading: compliance
From: coley at linus.mitre.org (Steven M. Christey)
Date: Mon, 12 Mar 2007 19:26:19 -0400 (EDT)
On Tue, 13 Mar 2007, Michael Silk wrote:
no. my feeling is that it focuses management on unimportant things like meeting checkpoints rather then actually doing useful things.
While I understand the sentiment, one thing I don't know is: how could you measure "doing useful things" in any repeatable, cost-effective fashion that does not ultimately boil down to checklists of one form or another? - Steve
Current thread:
- Darkreading: compliance Gary McGraw (Mar 12)
- Darkreading: compliance bugtraq at cgisecurity.net (Mar 12)
- Darkreading: compliance Michael Silk (Mar 12)
- Darkreading: compliance Steven M. Christey (Mar 12)
- Darkreading: compliance Bruce Ediger (Mar 13)
- Darkreading: compliance Benjamin Tomhave (Mar 30)
- Darkreading: compliance ljknews (Mar 30)
- <Possible follow-ups>
- Darkreading: compliance Gary McGraw (Mar 12)
- Darkreading: compliance Gary McGraw (Mar 13)
- Darkreading: compliance Michael Silk (Mar 13)