Survey

[jim at manico.net (Jim Manico)]

There are plenty of sites that are perfectly x/html valid that are
completely insecure.

There are plenty of sites that follow perfect w3c and other standards
that are completely insecure.

There are plenty of sites that are top-tier security vendors that, at
least in the past, have been insecure.

- Jim

> At 11:11 AM -0400 8/24/08, Paco Hope wrote:
>
>   
> > Clearly the survey's content is only of interest if the HTML validates.
> >     
>
> The publisher of the web page is not in the security business,
> they are in the publishing business.  But how can I respect
> their publishing expertise if they fail a simple automatic
> test.
>
> And how can their target audience of security folk, who depend
> strongly on following standards respect the knowledge of a
> publisher who does not follow publishing standards.
>
>   
> > On Aug 24, 2008, at 9:47 AM, "ljknews" <ljknews at mac.com> wrote:
> >
> >     
> > > At 2:43 PM -0400 8/22/08, Gary McGraw wrote:
> > >
> > >       
> > > > BankInfoSecurity is running a survey on software security that some
> > > > of you may be interested in participating in.  Try it yourself here:
> > > >
> > > > http://www.bankinfosecurity.com/surveys.php?surveyID=1
> > > >         
> > > Hmmm.  http://validator.w3.org says there are 973 errors on that page.
> > >       


-- 
Jim Manico, Senior Application Security Engineer
jim.manico at aspectsecurity.com | jim at manico.net
(301) 604-4882 (work)
(808) 652-3805 (cell)

Aspect Security?
Securing your applications at the source
http://www.aspectsecurity.com

---------------------------------------------------------------
Management, Developers, Security Professionals ...
... can only result in one thing. BETTER SECURITY.
http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference  
Sept 22nd-25th 2008


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://krvw.com/pipermail/sc-l/attachments/20080824/f36f31a3/attachment.html