[SC-L] Reality Check: EMC Eric Baize
Kenneth Van Wyk
ken at krvw.com
Tue Mar 3 04:25:52 EST 2009
On Mar 3, 2009, at 10:11 AM, Gary McGraw wrote:
> Our fearless leader Ken gave a nice presentation on software
> security methodologies yesterday at secappdev. I wonder what he
> says about the Touchpoints when I'm not in the room?!
Thanks for the kind words. What I say about the Touchpoints,
Microsoft's SDL, or OWASP's CLASP remains the same whether you're in
the room or not. They all offer good points and bad points. I tend
to favor a hybrid approach that works well for me, which is what I
always recommend to my customers.
More importantly, though, I am eager to update the message with what
the companies who participated in the BSIMM are actually doing in
practice.
Cheers,
Ken
-----
Kenneth R. van Wyk
KRvW Associates, LLC
http://www.KRvW.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2252 bytes
Desc: not available
Url : http://krvw.com/pipermail/sc-l/attachments/20090303/93cdee93/attachment.bin
More information about the SC-L
mailing list