Secure Coding mailing list archives
Integrated Dynamic and Static Scanning
From: andrews at rbacomm.com (Brad Andrews)
Date: Wed, 29 Jul 2009 17:37:26 -0500
While I completely agree with this statement, it is a much tougher sell to management that is seeking to keep the company making money (or perhaps even alive). I believe that having (and using) an imperfect tool is better than nothing, so I would at least push for that. Getting things that play well together is even better. I think a complete overhaul and digging security flaws out is even better, but is a much harder sell in many places in my experience.

Perhaps I am too jaded, but you have to work with what you can get approved and paid for. The cost of the "indispensable" experience is much higher than most companies will stomach. :) Some companies do value it, but most haven't "seen the light" yet in my experience. While that is limited compared to many on this list, I think my perspective is something that is easy to lose track of when you are fixing security issues every day. Everyone doesn't share the vision, unfortunately. And some of those that see the problem don't have the budget and executive support to fix the problem...

--
Brad Andrews
RBA Communications
CSSLP, SANS/GIAC GSEC, GCFW, GCIH, GPCI

Quoting Andre Gironda <andreg at gmail.com>:

On 7/28/09, Brad Andrews <andrews at rbacomm.com> wrote:
Experts can't be replaced by tools.