Secure Coding mailing list archives
InformIT: You need an SSG
From: lists at ticm.com (Bret Watson)
Date: Tue, 22 Dec 2009 12:24:39 +0800
At 08:01 AM 22/12/2009, Mike Boberski wrote:
Hi Gary. To play devil's advocate: Current organizational practices aside, I would say that organizations really need more and better toolkits and standards for developers to use, than they need more and better committees.
I'd have to agree - whilst SSG is probably a great opportunity for a management consultant, it rarely delivers anything directly useful. In fact I would go as far as to say that if a SSG delivers something useful, the organisation was already ready to deliver the changes. Committees rarely take direct ownership of a problem. Toolsets may or may not deliver results - depending on if there are ways around them - too often you hear the excuse "we can't waste time with that - the business won't wait" However toolset will work if you have a good properly supported securty mgmt function :) Cheers Bret
Current thread:
- InformIT: You need an SSG Gary McGraw (Dec 21)
- InformIT: You need an SSG Mike Boberski (Dec 21)
- Message not available
- InformIT: You need an SSG Bret Watson (Dec 21)
- InformIT: You need an SSG Gary McGraw (Dec 22)
- Message not available
- InformIT: You need an SSG Dave Aronson (Dec 22)
- InformIT: You need an SSG Mike Boberski (Dec 21)
- InformIT: You need an SSG Benjamin Tomhave (Dec 22)
- InformIT: You need an SSG Gary McGraw (Dec 22)
- InformIT: You need an SSG Boberski, Michael [USA] (Dec 22)
- InformIT: You need an SSG Benjamin Tomhave (Dec 22)
- InformIT: You need an SSG Gary McGraw (Dec 23)
- InformIT: You need an SSG Gary McGraw (Dec 22)
- <Possible follow-ups>
- InformIT: You need an SSG Mike Boberski (Dec 21)
- Message not available
- InformIT: You need an SSG Mike Boberski (Dec 21)
- Message not available
- InformIT: You need an SSG Mike Boberski (Dec 21)
- Message not available