NFR Wizards Archive: Re: Re[2]: Penetration testing via shrinkw

Re: Re[2]: Penetration testing via shrinkware


Marcus J. Ranum (mjrnfr.net)
Tue, 22 Sep 1998 17:40:53 -0400


Richard Christie wrote:
>What you're really driving at, Marcus, is developing software in a trusted manner.
>Companies developing Firewall software should be evaluated by SEI for a
>Capability Maturity Model (CMM) rating.

ARrrggghhHH!!!!

More formalistic nonsense scams! Does someone's ability to
predictably generate documentation really correlate to their
ability to produce a good product that works?? The SEI evaluation
may have some validity, but it strikes me more like an attempt
to do one of those ISO9000-oid certification scams.

It's important that people developing security products know
what they're doing, and know how to write security critical
code -- but I can't think of a practical way to legislate it.

mjr.

--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:47 CDT