Secure Coding mailing list archives

Regional differences in software security


From: ken at krvw.com (Kenneth Van Wyk)
Date: Wed, 26 Nov 2008 09:45:57 -0500

On Nov 26, 2008, at 9:19 AM, Gary McGraw wrote:
> I think this idea of regional differences is worth exploring a bit.
> In my work at Cigital I have come to believe that there is a
> difference in approach between the east coast of the US and the west
> coast.

I completely agree here.  Stephen raises a fascinating point.

I don't know what I did {right|wrong}, but the vast majority of my  
clients are in Europe or Southeast Asia right now.  (I'm a dual EU/US  
citizen, which perhaps helps.)  Apart from all the air miles, I've  
seen vast differences that seem--at least on the surface via casual  
observation--to have a regional component.  Contrasting US East, West,  
EU, and Asia, there are big differences in such areas as:

- Software process.  I see more process-heavy dev in US East and  
Europe, with far less of it in US West and Asia, for instance.

- Security teams.  I see a pretty solid line between IT security and  
software dev teams in US East and Asia, with lines being more blurred  
in US West and EU.  This seems to be central to Stephen's point, if I  
understand correctly.  And it's a good point to consider.

- Security testing.  ...

The list goes on.  Unfortunately, all I have are casual observations,  
but the "climate differences" seem palpable to me.

Cheers,

Ken

-----
Kenneth R. van Wyk
KRvW Associates, LLC
http://www.KRvW.com




