Secure Coding mailing list archives

What do you like better Web penetration testing or static code analysis?

From: kevin.w.wall at (Kevin W. Wall)
Date: Sat, 24 Apr 2010 12:54:31 -0400

Brian Chess wrote:
> I like your point, Matt.  Everybody who's responded thus far has wanted to
> turn this into a discussion about what's most effective or what has the most
> benefit, sort of like we were comparing which icky medicine to take or which
> overcooked vegetable to eat.  Maybe they don't get any pleasure from the
> work itself.

I take exception to that use of "everybody". My response was based solely
on my *preference*, which is what my understanding of Matt was originally
asking. But SC-L being the mailing list of many tangents, well...

And again, for the record, I *enjoy* both pen testing and static code
analysis, but I _personally_ prefer doing static code analysis, if for no
other reason than that it generally allows me to work closer to the development
teams, where I can better suggest appropriate mitigation.

Of course, my post (at least the original one) wasn't controversial enough
to stir up the pot and cause it to go off in some other direction, so it
may have flown past you under the radar. Not that that matters. OTOH, I
don't want to be lumped into the "everybody" category, especially when
that list includes those who can't follow simple directions. ;-)

Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME
