Secure Coding mailing list archives

RE: Comparing Scanning Tools


From: James.McGovern at thehartford.com (McGovern, James F (HTSC, IT))
Date: Fri, 9 Jun 2006 12:10:19 -0400

I think I should have been more specific in my first post. I should have phrased it as I have yet to find a large 
enterprise whose primary business isn't software or technology that has made a significant investment in such tools.
 
Likewise, a lot of large enterprises are shifting away from building in-house to either outsourcing and/or buying, which 
means that secure coding practices should also be enforced via procurement agreements. Has anyone here run across 
contract clauses that assist in this regard?

-----Original Message-----
From: Gunnar Peterson [mailto:gunnar at arctecgroup.net]
Sent: Friday, June 09, 2006 8:48 AM
To: Brian Chess; Secure Mailing List; McGovern, James F (HTSC, IT)
Subject: Re: [SC-L] RE: Comparing Scanning Tools


Right, because their customers (are starting to) demand more secure code from their technology. In the enterprise space 
the financial, insurance, healthcare companies who routinely lose their customers' data and provide their customers 
with vulnerability-laden apps have not yet seen the same amount of customer demand for this, but 84 million public lost 
records later (http://www.privacyrights.org/ar/ChronDataBreaches.htm) this may begin to change.

-gp


On 6/9/06 1:45 AM, "Brian Chess" <brian at fortifysoftware.com> wrote:



McGovern, James F wrote:

I have yet to find a large enterprise that has made a significant investment in such tools. 

I'll give you pointers to two.  They're two of the three largest software companies in the world.

http://news.com.com/2100-1002_3-5220488.html
http://news.zdnet.com/2100-3513_22-6002747.html

Brian

