On 6/7/07, McGovern, James F (HTSC, IT) <[EMAIL PROTECTED]> wrote:
> I really hope that this email doesn't generate a ton of offline emails and
> hope that folks will talk publicly. It has been my latest thinking that the
> value of tools in this space are not really targeted at developers but
> should be targeted at executives who care about overall quality and
> security folks who care about risk. While developers are the ones to
> remediate, the accountability for secure coding resides elsewhere.

and that's the problem. the accountability for insecure coding should reside with the developers. it's their fault [mostly].

> It would seem to be that tools that developers plug into their IDE should be
> free since the value proposition should reside elsewhere. Many of these
> tools provide "audit" functionality and allow enterprises to gain a view
> into their portfolio that they previously had zero clue about and this is
> where the value should reside.
>
> If there is even an iota of agreement, wouldn't it be in the best interest of
> folks here to get vendors to ignore developer specific licensing and instead
> focus on enterprise concerns?

--
mike
68 65 6c 6c 6f 20 74 6f 20 79 6f 75 2c 20 68 65 78 20 64 65 63 6f 64 65 72 2e
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________