At 2:32 PM -0400 6/9/06, Jeremy Epstein wrote:
> Having said that, it's completely at odds compared to what I see working
>for an ISV of a non-security product. That is, I almost never have
>prospects/customers ask me what we do to assure our software.
I don't even get those questions for our se
Title: Re: [SC-L] RE: Comparing Scanning Tools
At the RSA Conference in February, I went to a reception
hosted by a group called "Secure Software Forum" (not to be confused with
the company Secure Software Inc, which offers a product competitive to
Fortify). They had a panel session where re
Title: Re: [SC-L] RE: Comparing Scanning Tools
The OWASP Legal project took a crack at
this: http://www.owasp.org/index.php/Category:OWASP_Legal_Project
This project developed a strawman Secure
Software Development Contract annex which is available at: http://www.owasp.org/index.php/OWA
Title: Re: [SC-L] RE: Comparing Scanning Tools
I
think I should have been more specific in my first post. I should have phrased
it as I have yet to find a large enterprise whose primary business isn't
software or technology that has made a significant investment in such
tools.
Likewise, a
Title: Re: [SC-L] RE: Comparing Scanning Tools
Right, because their customers (are starting to) demand more secure code from their technology. In the enterprise space the financial, insurance, healthcare companies who routinely lose their customer’s data and provide their customers with vulnerab
Title: RE: Comparing Scanning Tools
McGovern, James F wrote:
> I have yet to find a large enterprise that has made a significant investment in such tools.
I’ll give you pointers to two. They’re two of the three largest software companies in the world.
http://news.com.com/2100-1002_3-5220488
Hi Jerry, as one of the creators of the tool you evaluated, I have to admit
I have the urge to comment on your message one line at a time and explain
each way in which the presentation you attended did not adequately explain
what Fortify does or how we do it. But I don't think the rest of the peop