But don't the tools help the developer produce better quality code through defect detection?
Mike Hines ----------------------------------- Michael S Hines [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael A. Davis Sent: Tuesday, April 20, 2004 11:34 AM To: [EMAIL PROTECTED] Subject: [SC-L] Missing the point? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A Network World article, http://www.nwfusion.com/news/2004/0419codereview.html, discusses the various MS patches that came out last week. Ellen Messmer, the author, talks about the many companies and startups that are selling products to help with code auditing and testing to help automate the security review process. Isn't she missing the point? It is not the source code that is the problem -- it is the developer. Thoughts? Thanks, Michael A. Davis Chief Executive Officer Savid Technologies, Inc. http://www.savidtech.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQIVRFNo69WASbsMmEQIzpwCeMRWZWkLPDdu5Imw1QCTvYfKvWj0AniML 8NRPFtdgGl6GvwR5WOsuU/kT =3oCH -----END PGP SIGNATURE-----
