RE: [SC-L] RE: Comparing Scanning Tools

2006-06-09 Thread ljknews
At 2:32 PM -0400 6/9/06, Jeremy Epstein wrote:
> Having said that, it's completely at odds compared to what I see working
> for an ISV of a non-security product. That is, I almost never have
> prospects/customers ask me what we do to assure our software. I don't even get those questions for our se

RE: [SC-L] RE: Comparing Scanning Tools

2006-06-09 Thread Jeremy Epstein
At the RSA Conference in February, I went to a reception hosted by a group called "Secure Software Forum" (not to be confused with the company Secure Software Inc, which offers a product competitive to Fortify). They had a panel session where re

RE: [SC-L] RE: Comparing Scanning Tools

2006-06-09 Thread Dave Wichers
The OWASP Legal project took a crack at this: http://www.owasp.org/index.php/Category:OWASP_Legal_Project This project developed a strawman Secure Software Development Contract annex which is available at: http://www.owasp.org/index.php/OWA

RE: [SC-L] RE: Comparing Scanning Tools

2006-06-09 Thread McGovern, James F (HTSC, IT)
I think I should have been more specific in my first post. I should have phrased it as I have yet to find a large enterprise whose primary business isn't software or technology that has made a significant investment in such tools. Likewise, a

Re: [SC-L] RE: Comparing Scanning Tools

2006-06-09 Thread Gunnar Peterson
Right, because their customers (are starting to) demand more secure code from their technology. In the enterprise space the financial, insurance, healthcare companies who routinely lose their customer’s data and provide their customers with vulnerab

[SC-L] RE: Comparing Scanning Tools

2006-06-09 Thread Brian Chess
McGovern, James F wrote:
> I have yet to find a large enterprise that has made a significant investment in such tools.
I’ll give you pointers to two. They’re two of the three largest software companies in the world. http://news.com.com/2100-1002_3-5220488

[SC-L] Re: Comparing Scanning Tools

2006-06-09 Thread Brian Chess
Hi Jerry, as one of the creators of the tool you evaluated, I have to admit I have the urge to comment on your message one line at a time and explain each way in which the presentation you attended did not adequately explain what Fortify does or how we do it. But I don't think the rest of the peop