Home page logo

webappsec logo WebApp Sec mailing list archives

RE: Threat Modelling
From: "Runion Mark A FGA DOIM WEBMASTER(ctr)" <mark.runion () us army mil>
Date: Mon, 24 May 2004 17:13:12 -0000

Interesting discussion and I would agree.  There is no single tool that can
or will be able to operate on the high or low level of risk assessment or IT
and Network Security.  However, have you considered that this is why there
exists a job field called IT and Network Security Specialist, and one of
their primary tasks is Risk Assessments.  If you really need this job done
rather than buying some incomplete tool...how about hiring a person whom is
trained and has experience in precisely this.

Not doing so and trusting to tools or wizards is like asking if Microsoft
has created a wizard to replace a programming team.  But can't we just pay
you for a wizard that will replace 10 programmers?  The devil is in the
details.  <- Nice quote, thanks.

Mark Runion

To: webappsec
Subject: RE: Threat Modelling



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]