OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archive: Re: Penetration testing via shrinkware

Re: Penetration testing via shrinkware

David Collier-Brown (davecbcanada.sun.com)
Wed, 23 Sep 1998 12:14:04 -0400

Marcus J. Ranum wrote:
>
> Richard Christie wrote:
> >What your really driving at Marcus is developing software in a trusted manner.
> >Companies developing Firewall software should be evaluated by SEI for a
> >Capability Maturity Model (CMM) rating.
>

Marcus J. Ranum wrote:
> ARrrggghhHH!!!!
>> More formalistic nonsense scams! Does someone's ability to
> predictably generate documentation really correlate to their
> ability to produce a good product that works?? The SEI evaluation
> may have some validity, but it strikes me more like an attempt
> to do one of those ISO9000-oid certification scams.

        SEI is trying for reproducability, to oversimplify slightly.
        This is an orthogonal, if similar, goal to trusteable development.

        I wouldn't expect to find any causual relationships between
        the two: more like both will be caused by a third factor.

--dave 

-- 
David Collier-Brown,  | Cherish your enemies.  They're harder to
185 Ellerslie Ave.,   | come by than friends and more motivated.
Willowdale, Ontario   | davecbcanada.sun.com, hobbes.ss.org
N2M 1Y3. 416-223-8968 | http://java.science.yorku.ca/~davecb

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:47 CDT