Secure Coding mailing list archives

InformIT: You need an SSG

From: lists at ticm.com (Bret Watson)
Date: Tue, 22 Dec 2009 12:24:39 +0800

At 08:01 AM 22/12/2009, Mike Boberski wrote:

Hi Gary.

To play devil's advocate:

Current organizational practices aside, I would say that 
organizations really need more and better toolkits and standards for 
developers to use, than they need more and better committees.


I'd have to agree - whilst SSG is probably a great opportunity for a 
management consultant, it rarely delivers anything directly useful. 
In fact I would go as far as to say that if a SSG delivers something 
useful, the organisation was already ready to deliver the changes. 
Committees rarely take direct ownership of a problem.

Toolsets may or may not deliver results - depending on if there are 
ways around them - too often you hear the excuse "we can't waste time 
with that - the business won't wait"

However toolset will work if you have a good properly supported 
securty mgmt function :)

Cheers

Bret

Current thread:

InformIT: You need an SSG Gary McGraw (Dec 21)
- InformIT: You need an SSG Mike Boberski (Dec 21)
  - Message not available
    - InformIT: You need an SSG Bret Watson (Dec 21)
    - InformIT: You need an SSG Gary McGraw (Dec 22)
  - InformIT: You need an SSG Dave Aronson (Dec 22)
- InformIT: You need an SSG Benjamin Tomhave (Dec 22)
  - InformIT: You need an SSG Gary McGraw (Dec 22)
    - InformIT: You need an SSG Boberski, Michael [USA] (Dec 22)
    - InformIT: You need an SSG Benjamin Tomhave (Dec 22)
    - InformIT: You need an SSG Gary McGraw (Dec 23)
- <Possible follow-ups>
- InformIT: You need an SSG Mike Boberski (Dec 21)
  - Message not available
    - InformIT: You need an SSG Mike Boberski (Dec 21)
    - Message not available
    - InformIT: You need an SSG Mike Boberski (Dec 21)

(Thread continues...)