Secure Coding mailing list archives

Survey


From: Paco at cigital.com (Paco Hope)
Date: Tue, 26 Aug 2008 16:49:21 -0400

On 8/26/08 3:03 PM, "ljknews" <ljknews at mac.com> wrote:

> I am not interested in dealing with people who cannot get
> the simple things right.

Right. Because we all know that the HTML, xHTML, DHTML, CSS, and the related standards are really simple. Nothing to 
it. Writing valid HTML in our applications is a snap. And when management says "so, why are we a week late getting the 
application into production?" they'll be pleased to hear that it was to make sure the HTML on all 300 screens 
validated. Never mind that the app was satisfying its users and business owners when it didn't validate. It's important 
to make the validation programs happy, not the users or the business.

As it is, web applications are shoved out the door with insufficient attention paid to their functional capabilities. 
Then there's the insufficient attention paid to their security capabilities. Standards compliance is orthogonal to all 
that. I'd rather have a functional and sufficiently secure web site that was non-compliant than one that was compliant 
but lacking in functionality or security.

Either way, I think Gary's point in putting the survey out on this list was to see if we were interested in the survey. 
It's a shame we've gone off on a tangent about the value of validating HTML.

Paco
--
Paco Hope, CISSP
Technical Manager, Cigital, Inc
http://www.cigital.com/ * +1.703.585.7868
Software Confidence. Achieved.


