Secure Coding mailing list archives

Two Questions around Consulting on Secure Coding


From: James.McGovern at thehartford.com (McGovern, James F (HTSC, IT))
Date: Wed, 5 Sep 2007 12:53:41 -0400

I would like to gain a perspective from the various software vendors as
to which consulting firms they believe have the best expertise in
assisting clients with rollout of their tools. I hope that a couple of
names will appear across software vendors. I am also hoping one or two
names will emerge across vendors as common.

I know asking a question that is related to consulting but where an
answer from a consulting firm isn't required will compel consultant
types to respond; I figured I would also ask another question in which
they may have better perspective.

I am seeking a developer-level resource for a three-month onsite
consulting engagement (initial) to operationalize our rollout of tools
that enable secure coding. Candidates should have the following
characteristics:

- Knowledge and hands-on administration experience using Fortify Software,
  Coverity, Ounce Labs, HP DevInspect, etc. (We haven't chosen the tool
  yet)
- Ability to program in both Java and .NET languages
- Ability to do presentations to other software developers on secure
  coding topics
- Strong analytical and logical thinking capability
- Work independently and under little supervision / guidance and take on
  technical lead role as needed
- Ability to produce written documentation on technical alternatives
- API design and implementation. Familiarity with XML, XML Schema, XSL or
  other XML tools a plus.
- Hourly rate depending on actual experience in a security context

Will need resumes emailed to me by Friday, September 7th. Please also
include hourly rate. Not looking for candidates higher on the food chain
to do "strategy", "POC", etc. but developer-types to help with
operational aspects with rates in line with this notion.

