[Owasp-singapore] [security-77] Why our next generation of IS pros have to be software experts

Wong Onn Chee ocwong at usa.net
Sun Oct 18 22:10:21 EDT 2009


Hi Ben,

Thanks for your kind support of my $0.02. :-)

There is one thing I would like to voice out, if you do not mind.

I think your claim that MS' SDL is the most mature and comprehensive
may not be substantiated.

For example, the IBM folks may counter that their SDL is more mature
since IBM has been around way longer than MS.

My view is that no one is the best (that's why MS continues to have
bugs, right?) and we just have to constantly learn from multiple sources
to extract the best from each source.

On 10/19/2009 09:40 AM, Ben wrote:
> I strongly agree with this view.
>
> Microsoft's Security Development Lifecycle (SDL) is the most mature
> and comprehensive in the industry:
> http://msdn.microsoft.com/en-us/security/cc448177.aspx
>
> The Process Guidance is a free download:
> http://msdn.microsoft.com/en-us/security/cc420639.aspx
>
> There is a definite opportunity to provide SDL training and
> consultation services in SEA. The SDL Pro Network would facilitate the
> process of receiving MSFT recognition:
> http://msdn.microsoft.com/en-us/security/dd219581.aspx
>
>
> On Mon, Oct 19, 2009 at 9:31 AM, Wong Onn Chee <ocwong at usa.net> wrote:
>
>
>       Programmer slip-up produces critical bug, Microsoft admits
>
>
>     http://www.computerworld.com/s/article/9139471/Programmer_slip_up_produces_critical_bug_Microsoft_admits?source=CTWNLE_nlt_security_2009-10-16
>
>
>     Back to my constant pitch that most, if not all, security issues
>     originate from software.
>
>     Hence, we need the next generation of IS pros to be software
>     experts in being able to *prevent*, not just mitigate, security
>     vulnerabilities.
>
>     The "a-peh" or older generation of IS pros had been playing a
>     reactive game, mainly restricting ourselves to the OS and network.
>     We need to change how we play to better survive in the new era.
>
>     I hope this is a wake-up call for IS pros to engage more in the
>     software development circle.
>
>     Just my $0.02.
>
>     Cheers
>     Onn Chee
>
>     --
>     Please Note: If you hit "*REPLY*", your message will be sent to
>     *everyone* on this mailing list (security-77 at meetup.com
>     <mailto:security-77 at meetup.com>)
>     This message was sent by Wong Onn Chee (ocwong at usa.net
>     <mailto:ocwong at usa.net>) from The Singapore Security Meetup Group
>     <http://www.meetup.com/SGSecurityMG/>.
>     To learn more about Wong Onn Chee, visit his/her member profile
>     <http://www.meetup.com/SGSecurityMG/members/1756147/>
>     To unsubscribe or to update your mailing list settings, click here
>     <http://www.meetup.com/account/comm/>
>
>     Meetup Inc. PO Box 4668 #37895 New York, New York 10163-4668 |
>     support at meetup.com <mailto:support at meetup.com>
>
> -- 
> Ben van der Merwe
> ben at vandermerwe.org
> Skype: benatvandermerwe.org