Secure Coding mailing list archives
Survey
From: Paco at cigital.com (Paco Hope)
Date: Tue, 26 Aug 2008 16:49:21 -0400
On 8/26/08 3:03 PM, "ljknews" <ljknews at mac.com> wrote:

> I am not interested in dealing with people who cannot get the simple things right.

Right. Because we all know that the HTML, xHTML, DHTML, CSS, and the related standards are really simple. Nothing to it. Writing valid HTML in our applications is a snap. And when management says "so, why are we a week late getting the application into production?" they'll be pleased to hear that it was to make sure the HTML on all 300 screens validated. Never mind that the app was satisfying its users and business owners when it didn't validate. It's important to make the validation programs happy, not the users or the business.

As it is, web applications are shoved out the door with insufficient attention paid to their functional capabilities. Then there's the insufficient attention paid to their security capabilities. Standards compliance is orthogonal to all that. I'd rather have a functional and sufficiently secure web site that was non-compliant than one that was compliant but lacking in functionality or security.

Either way, I think Gary's point in putting the survey out on this list was to see if we were interested in the survey. It's a shame we've gone off on a tangent about the value of validating HTML.

Paco

--
Paco Hope, CISSP
Technical Manager, Cigital, Inc
http://www.cigital.com/ * +1.703.585.7868
Software Confidence. Achieved.