Network Security: Detailed info on Re: "Selling" a code-audit.

Subject:	Re: "Selling" a code-audit.
Date:	Thu, 2 Sep 2004 12:35:35 +0600

It's your job after all, not like you are out there just
to bug everyone. Therefore be friendly, backed up with a
company-level procedure and clench your teeth.

Sincerely,
Dmitry Dvoinikov
http://www.targeted.org/

--- Original message follows ---

One of my primary responsibilities with my employer is performing code
audits; so far I have been fairly effective in a technical capacity, however
on almost every single code audit I have participated in I have received
hostile responses from the development team.  I have tried a variety of
approaches to develop a stronger rapport with the development team, however
in spite of my best efforts I find that going into a code audit I am already
fighting against preconceptions about why the code audit is being performed.

I understand that many people feel threatened when work they have done is
criticized; what I need to know is how I can minimize this and coax the
development teams into being more interactive than defensive.  Any pointers?

Yvan Boily

<Prev in Thread]	Current Thread	[Next in Thread>
"Selling" a code-audit., Yvan Boily Re: "Selling" a code-audit., Dmitry Dvoinikov <= Fwd: "Selling" a code-audit., John T. Cox RE: "Selling" a code-audit., Aleksander P. Czarnowski Re: "Selling" a code-audit., Eric Murray Re: "Selling" a code-audit., Adam Shostack Re: "Selling" a code-audit., Warwick Molloy RE: "Selling" a code-audit., Alexandre Sieira RE: "Selling" a code-audit., Michael Howard RE: "Selling" a code-audit., Calderon, Juan Carlos (GE Commercial Finance, NonGE) RE: "Selling" a code-audit., Browne, Derek Re: "Selling" a code-audit., Travis Schack

Previous by Date:	RE: "Selling" a code-audit., Browne, Derek
Next by Date:	Security Issues with STL?, D K
Previous by Thread:	"Selling" a code-audit., Yvan Boily
Next by Thread:	Fwd: "Selling" a code-audit., John T. Cox
Indexes:	[Date] [Thread] [Top] [All Lists]