Secure Coding mailing list archives
Re: Missing the point?
From: Crispin Cowan <crispin () immunix com>
Date: Mon, 26 Apr 2004 14:49:05 +0100
Michael A. Davis wrote:

> A Network World article, http://www.nwfusion.com/news/2004/0419codereview.html, discusses the various MS patches that came out last week. Ellen Messmer, the author, talks about the many companies and startups that are selling products to help with code auditing and testing to help automate the security review process. Isn't she missing the point? It is not the source code that is the problem -- it is the developer.

I completely disagree: it is the code that counts. The developer can get run over by a bus, and we will still be running the code.

Developer education is *one* path to higher code quality. Better tools is another. But better code quality is definitely the end-goal.

Crispin

--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
CTO, Immunix http://immunix.com
Immunix 7.3 http://www.immunix.com/shop/