Why not bootstrap a Fortune 500 Secure Coding Initiative to drive better products, services and share best practices in the software security space?Yes, if the customers demanded it, that might make some difference, and the vendors do pay the most attention to the biggest customers. Of course the biggest customer is the U.S. government, and they seem more interested in CYA than in actual security. And I’m a bit jaded on “best practices” due to reading Black Swans. But regardless of the specific form of better such a group demanded, demanding better security might make some difference.— Secure Coding Advocacy Group, Gunnar Peterson, 1 Raindrop, 23 October 2007
Maybe they could also demand risk management, which would including having watchers watching ipsos custodes. Not just in the circular never-ending hamster wheel of death style, but for actual improvemment.
-jsq