Once an application is released or put into production, what are organizations doing to keep the applications secure? As new vulnerabilities and classes of exploits are released, how is that information being fed back to developers so they can update/patch the software? At the network level, most organizations have a Network Operations Center (NOC) and some have a Security Operations Center (SOC) to look for problems and make changes to the network to defend against the problem. What is the equivalent at the software development level?
Is there a formal method other than reacting to incidents? Is there a sort of Operations or Intelligence cell that proactively finds and processes new information and feeds that info back to the design and development teams so they can update the software?

Andy

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________