James McGovern muses:
Good to run across Sun employees such as Gerald at OWASP chapter meetings. Hopefully for the next event, he can figure out how to bring down a dozen or so folks from Sun labs. After all, they probably understand the need for writing secure code more than the Microsoft crowd. This makes me wonder if Pat Patterson has ever attended OWASP meetings on his side of town?
Would be great to see Sun get involved with OWASP, but I see no evidence that they understand the need for writing secure code more so than Microsoft. In fact I see every evidence that Sun is several years behind Microsoft on software security. Let's do the list - Howard/Leblanc's work, threat modeling, software security patterns and practices, SDL, SecPal, BlueHat, OWASP guidance work and that is all before we get to identity stuff. From what I see its a yawning gap. Would be great if Sun would re-discover its engineering roots at some point, but right now I don't think they are even in the conversation.
Well you also have to consider that Mark and I founded OWASP; and both work for Microsoft. ;-)
Posted by: Dennis | May 13, 2008 at 01:44 AM