Secure Coding mailing list archives

Tools: Evaluation Criteria


From: James.McGovern at thehartford.com (McGovern, James F (HTSC, IT))
Date: Tue, 22 May 2007 09:47:34 -0400

We will shortly be starting an evaluation of tools to assist in the secure coding practices initiative and have been 
wildly successful in finding lots of consultants who can assist us in evaluating but absolutely zero in terms of 
finding RFI/RFPs of others who have travelled this path before us. Would especially love to understand stretch goals 
that we should be looking for beyond simple stuff like finding buffer overflows in C, OWASP checklists, etc.
In my travels, it "feels" as if folks are simply choosing tools in this space because they are the market leader, 
incumbent vendor or simply asking an industry analyst but none seem to have any "deep" criteria. I guess at some level, 
choosing any tool will move the needle, but investments really should be longer term.
