
Secure Coding mailing list archives

Re: [External] Sad state of affairs
From: "Goertzel, Karen [USA]" <goertzel_karen () bah com>
Date: Mon, 23 Sep 2013 13:13:28 +0000

On the other hand, isn't it somewhat analogous to hiring 24/7 armed security guards and installing a state-of-the-art 
physical security system in a museum, and passing and enforcing strict laws against grand larceny?

The "secure coding" alternative would be for museums to stop displaying priceless art works.

Karen Mercedes Goertzel, CISSP
Lead Associate
Booz Allen Hamilton
goertzel_karen () bah com

"If you're not failing every now and again,
it's a sign you're not doing anything very innovative."
- Woody Allen
From: sc-l-bounces () securecoding org [sc-l-bounces () securecoding org] on behalf of Bobby G. Miller [b.g.miller () gmail com]
Sent: 20 September 2013 19:47
To: sc-l () securecoding org
Subject: [External] [SC-L] Sad state of affairs

I was just listening to a podcast interviewing a security executive from a prominent vendor.  The response to 
vulnerabilities was to raise the cost/complexity of exploiting bugs rather than actually employing secure coding 
practices.  What saddened me most was that the approach was apparently effective enough.

Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
