Secure Coding mailing list archives

Darkreading: Secure Coding Certification


From: fw at deneb.enyo.de (Florian Weimer)
Date: Sun, 13 May 2007 10:44:19 +0200

* Johan Peeters:

> I agree that multiple choice alone is inadequate to test the true
> breadth and depth of someone's security knowledge. Having contributed
> a few questions to the SANS pool, I take issue with Gary's article
> when it implies that you can pass the GSSP test while clueless.

But I guess you can fail it because your views are too refined (and
you take too long to make your choices).  After all, there are
different schools of thought when it comes to secure coding and its
methodologies.  For instance, summing up buffer overflows or directory
traversals under "input validation" is somewhat debatable.

