Secure Coding mailing list archives
Software security video podcast
From: jms at bughunter.ca (J.M. Seitz)
Date: Thu, 18 Oct 2007 14:40:33 -0700
Software security can be tricky when it comes to requirements, mostly because customers and consumers don't explicitly demand security, rather they implicitly expect it.

Wait a second here, don't customers also implicitly expect that the software is going to run? I mean I haven't seen a requirements document _ever_ that has said "The software must start.". They just implicitly expect that it's going to do that. Doesn't seem like a big surprise that most customers will _expect_ that "Hey, I don't want this software pwnable after you're done with it." Not sure where the trickiness you are referring to comes from?

JS

ps. Didn't AW publish your book(s)? :) I would be real surprised [turning on Tom Ptacek's snarky bit] if there's any mention of them.
Current thread:
- Software security video podcast Gary McGraw (Oct 18)
- Software security video podcast J.M. Seitz (Oct 18)
- Software security video podcast John Mason Jr (Oct 27)
- Software security video podcast Wisseman, Stan [USA] (Oct 29)
- Software security video podcast Shea, Brian A (Oct 29)