Secure Coding mailing list archives
Darkreading: Secure Coding Certification
From: fw at deneb.enyo.de (Florian Weimer)
Date: Sun, 13 May 2007 10:44:19 +0200
* Johan Peeters:
I agree that multiple choice alone is inadequate to test the true breadth and depth of someone's security knowledge. Having contributed a few questions to the SANS pool, I take issue with Gary's article when it implies that you can pass the GSSP test while clueless.
But I guess you can fail it because your views are too refined (and you take too long to make your choices). After all, there are different schools of thought when it comes to secure coding and its methodologies. For instance, summing up buffer overflows or directory traversals under "input validation" is somewhat debatable.
Current thread:
- Darkreading: Secure Coding Certification Gary McGraw (May 11)
- Darkreading: Secure Coding Certification Johan Peeters (May 12)
- Darkreading: Secure Coding Certification Greg Beeley (May 12)
- Darkreading: Secure Coding Certification Florian Weimer (May 13)
- Darkreading: Secure Coding Certification Joe Teff (May 14)
- Darkreading: Secure Coding Certification Greg Beeley (May 15)
- Darkreading: Secure Coding Certification McGovern, James F (HTSC, IT) (May 16)
- Darkreading: Secure Coding Certification Steven M. Christey (May 16)
- Darkreading: Secure Coding Certification Arian J. Evans (May 16)
- Darkreading: Secure Coding Certification McGovern, James F (HTSC, IT) (May 21)
- Tools: Evaluation Criteria McGovern, James F (HTSC, IT) (May 22)
- Tools: Evaluation Criteria Steven M. Christey (May 22)
- Tools: Evaluation Criteria McGovern, James F (HTSC, IT) (May 23)
- Darkreading: Secure Coding Certification Johan Peeters (May 12)