Re: [External] Sad state of affairs
From: "Goertzel, Karen [USA]" <goertzel_karen () bah com>
Date: Mon, 23 Sep 2013 13:13:28 +0000
On the other hand, isn't it somewhat analogous to hiring 24/7 armed security guards and installing a state-of-the-art
physical security system in a museum, and passing and enforcing strict laws against grand larceny?
The "secure coding" alternative would be for museums to stop displaying priceless art works.
Karen Mercedes Goertzel, CISSP
Booz Allen Hamilton
goertzel_karen () bah com
"If you're not failing every now and again,
it's a sign you're not doing anything very innovative."
- Woody Allen
From: sc-l-bounces () securecoding org [sc-l-bounces () securecoding org] on behalf of Bobby G. Miller [b.g.miller ()
Sent: 20 September 2013 19:47
To: sc-l () securecoding org
Subject: [External] [SC-L] Sad state of affairs
I was just listening to a podcast interviewing a security executive from a prominent vendor. The response to
vulnerabilities was to raise the cost/complexity of exploiting bugs rather than actually employing secure coding
practices. What saddened me most was that the approach was apparently effective enough.
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates