Secure Coding mailing list archives

how far we still need to go


From: James.McGovern at thehartford.com (McGovern, James F (HTSC, IT))
Date: Tue, 28 Aug 2007 10:42:43 -0400

 Many folks have talked about certification of individuals but is there
merit in noodling the notion of a security maturity model? What if
end-customers could rank their software vendors in a transparent manner
in the same way that outsourcing firms pursue CMMi? 

The notion of third-party assessors that determine this form of
certification could be supplemental revenue for those who are employed
by consulting firms. Could be similar to SCRUMAlliance certification if
you prefer something lighter weight.

-----Original Message-----
From: sc-l-bounces at securecoding.org
[mailto:sc-l-bounces at securecoding.org] On Behalf Of ljknews
Sent: Wednesday, July 25, 2007 10:23 PM
To: SC-L at securecoding.org
Subject: Re: [SC-L] how far we still need to go

At 2:03 AM +0100 7/26/07, Dinis Cruz wrote:
> It's a simple economics problem. The moment these companies and
> developers lose sales (or market share) because their products require
> admin / root privileges to run, is the moment they start to REALLY
> support it.

For Windows that day might be when they have to run under the new US
federal government standard Windows configuration, due out any month
now.
--
Larry Kilgallen

