Karen is of course right. At the very least, high quality source code
design and software is a lot easier to assess and secure than the
alternative.
--
Jim Manico
VP, Security Architecture
WhiteHat Security
(808) 652-3805
On Mar 7, 2012, at 4:09 PM, "Goertzel, Karen [USA]" wrote:
Unfortunately
Oops. I meant to say "touching faith" not "touching lack of faith".
===
Karen Mercedes Goertzel, CISSP
From: "Goertzel, Karen [USA]" <goertzel_ka...@bah.com>
Date: Wed, 7 Mar 2012 09:53:18 -0500
To: Martin Gilje Jaatun <secse-ch...@sislab.no>
Karen is right. That is a legacy of Watts Humphrey.
gem
From: "Goertzel, Karen [USA]" <goertzel_ka...@bah.com>
Date: Wed, 7 Mar 2012 09:53:18 -0500
To: Martin Gilje Jaatun <secse-ch...@sislab.no>,
Secure Code Mailing List <SC-L@securecoding.org>
Subject: Re: [SC-L] Fwd: [S
Unfortunately, it seems like the SWEBOK folks still believe that if you have
high-quality software, that will be sufficient to assure robustness against
intentional threats. It also shows a touching lack of faith that there will
never be a malicious participant in the SDLC intentionally sabotag
Hi SC-L,
I would have hoped that "Software Security" should have been a topic
area in SWEBOK, right alongside "Software Quality", but it doesn't look
like it...
-Martin
Original message
Subject: [SEWORLD] SWEBOK Version 3 Call for Reviewers
Date: Fri, 2 Mar 2012 10:53:2