Secure Coding mailing list archives
InternetNews Realtime IT News - Merchants Cope With PCICompliance
From: cwysopal at Veracode.com (Chris Wysopal)
Date: Mon, 30 Jun 2008 12:51:11 -0400
Ken,

Customers not wanting to part with source code is one of the reasons, at Veracode, we decided to take our static binary analysis technology to market as SaaS. You get the benefit of both automation, as with static source code analysis, and an external assessment, yet you don't have to part with your source code.

So that we can deliver the same analysis accuracy as source code static analysis (among other reasons) we require our customers to submit symbols along with the compiled binaries. It is true that there is some intellectual property included in the symbols but it doesn't elicit the same level of protective response which has people opting for the root canal over sending source code externally.

Our solution allows organizations to meet the external code review requirements without having external parties inspect their source code.

-Chris

-----Original Message-----
From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org] On Behalf Of Kenneth Van Wyk
Sent: Monday, June 30, 2008 9:44 AM
To: Secure Coding
Subject: [SC-L] InternetNews Realtime IT News - Merchants Cope With PCICompliance

Happy PCI-DSS 6.6 day, everyone. (Wow, that's a sentence you don't hear often.)

http://www.internetnews.com/ec-news/article.php/3755916

In talking with my customers over the past several months, I always find it interesting that the vast majority would sooner have root canal than submit their source code to anyone for external review.

I'm betting PCI 6.6 has been a boon for the web application firewall (WAF) world.

Cheers,

Ken

-----
Kenneth R. van Wyk
SC-L Moderator
KRvW Associates, LLC
http://www.KRvW.com