Secure Coding mailing list archives

Perspectives on Code Scanning


From: gunnar at arctecgroup.net (Gunnar Peterson)
Date: Thu, 07 Jun 2007 17:44:37 -0500

> and that's the problem. the accountability for insecure coding should
> reside with the developers. it's their fault [mostly].

I find it fascinating that an industry like security, that has delivered a
grand total of TWO working mechanisms[1] over several decades of effort, is
so willing to throw others under the bus. Methinks they doth protesteth too
much and all that...

Instead it would be more productive for security to roll up their collective
sleeves and help build better tools and services.

1. Get proactively involved in the SDL, tomorrow if not sooner:
http://www.cigital.com/justiceleague/2007/05/24/sdlc-on-the-shoulders-of-giants/

2. Make sure that involvement is pragmatic, and helps the enterprise make
the hard decisions to improve things instead of standard IT Security CYA:
http://1raindrop.typepad.com/1_raindrop/2007/06/cost_effective_.html

-gp

1. "one being the reference monitor and the other crypto" blaine burnham
