Secure Coding mailing list archives
Survey
From: jim at manico.net (Jim Manico)
Date: Sun, 24 Aug 2008 13:05:42 -1000
There are plenty of sites that are perfectly x/html valid that are completely insecure. There are plenty of sites that follow perfect w3c and other standards that are completely insecure. There are plenty of sites that are top-tier security vendors that, at least in the past, have been insecure. - Jim
At 11:11 AM -0400 8/24/08, Paco Hope wrote:Clearly the survey's content is only of interest if the HTML validates.The publisher of the web page is not in the security business, they are in the publishing business. But how can I respect their publishing expertise if they fail a simple automatic test. And how can their target audience of security folk, who depend strongly on following standards respect the knowledge of a publisher who does not follow publishing standards.On Aug 24, 2008, at 9:47 AM, "ljknews" <ljknews at mac.com> wrote:At 2:43 PM -0400 8/22/08, Gary McGraw wrote:BankInfoSecurity is running a survey on software security that some of you may be interested in participating in. Try it yourself here: http://www.bankinfosecurity.com/surveys.php?surveyID=1Hmmm. http://validator.w3.org says there are 973 errors on that page.
-- Jim Manico, Senior Application Security Engineer jim.manico at aspectsecurity.com | jim at manico.net (301) 604-4882 (work) (808) 652-3805 (cell) Aspect Security? Securing your applications at the source http://www.aspectsecurity.com --------------------------------------------------------------- Management, Developers, Security Professionals ... ... can only result in one thing. BETTER SECURITY. http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Sept 22nd-25th 2008 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://krvw.com/pipermail/sc-l/attachments/20080824/f36f31a3/attachment.html
Current thread:
- Survey Gary McGraw (Aug 22)
- Message not available
- Survey ljknews (Aug 24)
- Survey Romain Gaucher (Aug 26)
- <Possible follow-ups>
- Survey Gary McGraw (Aug 24)