Secure Coding mailing list archives
Regional differences in software security
From: ken at krvw.com (Kenneth Van Wyk)
Date: Wed, 26 Nov 2008 09:45:57 -0500
On Nov 26, 2008, at 9:19 AM, Gary McGraw wrote:
> I think this idea of regional differences is worth exploring a bit. In my work at Cigital I have come to believe that there is a difference in approach between the east coast of the US and the west coast.
I completely agree here. Stephen raises a fascinating point.

I don't know what I did {right|wrong}, but the vast majority of my clients are in Europe or Southeast Asia right now. (I'm a dual EU/US citizen, which perhaps helps.) Apart from all the air miles, I've seen vast differences that seem--at least on the surface via casual observation--to have a regional component. Contrasting US East, West, EU, and Asia, there are big differences in such areas as:

- Software process. I see more process-heavy dev in US East and Europe, with far less of it in US West and Asia, for instance.
- Security teams. I see a pretty solid line between IT security and software dev teams in US East and Asia, with lines being more blurred in US West and EU. This seems to be central to Stephen's point, if I understand correctly. And it's a good point to consider.
- Security testing. ...

The list goes on. Unfortunately, all I have are casual observations, but the "climate differences" seem palpable to me.

Cheers,

Ken

-----
Kenneth R. van Wyk
KRvW Associates, LLC
http://www.KRvW.com