[SCADASEC] SAFECode on software assurance
Cassidy, Colin (GE Infra, Energy)
colin.cassidy at ge.com
Thu Feb 14 10:21:34 CST 2008
>
> At 9:48 AM -0600 2/14/08, Bob Radvanovsky wrote:
> > URL: http://www.gcn.com/online/vol1_no1/45811-1.html
>
> > The paper identifies and explains security best practices
> > and controls currently used by SAFECode members:
>
> > * Secure source code handling: The integrity and
> > confidentiality of source code must be protected.
>
> Confidentiality ? That sounds like security-by-obscurity if
> intended as a security measure.
>
> I realize that "SAFECode members" may have business reasons
> for confidentiality, but security is not a reason.
> --
Actually, reading the document itself, this comment specifically refers
to rogue insiders.
CJC
More information about the scadasec
mailing list