Secure Coding mailing list archives
Perspectives on Code Scanning
From: James.McGovern at thehartford.com (McGovern, James F (HTSC, IT))
Date: Wed, 13 Jun 2007 12:40:57 -0400
OK, so is the next challenge to create contract language that goes beyond the stuff that OWASP is doing to include all security requirements and not just web focused?

-----Original Message-----
From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org] On Behalf Of Michael S Hines
Sent: Thursday, June 07, 2007 9:13 AM
To: 'Secure Coding'
Subject: Re: [SC-L] Perspectives on Code Scanning
and that's the problem. the accountability for insecure coding should reside with the developers. it's their fault [mostly].
The customers have most of the power, but the security community has collectively failed to educate customers on how to ask for more secure software. There are pockets of success, but a whole lot more could be done.

--- the software should work and be secure (co-requirements).

The user community has been educated to accept CTL-ALT-DEL and wait as an acceptable method of computing (and when things are really haywire - reinstall the OS and lose all your work).

We've got a long way to go for them to expect software to also be secure, since they now accept that it doesn't work right as SOP.

Mike Hines
mshines at purdue.edu