Secure Coding mailing list archives

Darkreading: compliance


From: coley at linus.mitre.org (Steven M. Christey)
Date: Mon, 12 Mar 2007 19:26:19 -0400 (EDT)


On Tue, 13 Mar 2007, Michael Silk wrote:

> no. my feeling is that it focuses management on unimportant things like
> meeting checkpoints rather than actually doing useful things.

While I understand the sentiment, one thing I don't know is:  how could
you measure "doing useful things" in any repeatable, cost-effective
fashion that does not ultimately boil down to checklists of one form or
another?

- Steve

