Trends in security code reviews?

From: Bit Tamer (NO_deemaq_at_yahoo.comSPAM)
Date: 01/29/05

    Date: Sat, 29 Jan 2005 00:55:17 GMT
    
    

    I am looking for pointers to info about how many companies are doing
    security code reviews (as a normal part of software development) now
    compared to 2003 or 2002. I would expect that the number is increasing, but
    would like some credible background info. Along those lines, can there be a
    way to assess how many professionals are truly qualified to do security code
    reviews?

    Also, does anyone have pointers to info that shows losses incurred by
    companies that don't do security code reviews compared to companies that do?

    And yes, I'm looking for this info to help justify to management that
    implementing a software security program will provide a positive ROSI
    (Return on Security Investment).

    Thanks for any information.

    Bit Tamer, CISSP

