Hi all
I've been tasked with developing a secure coding standard for my
employer. This will be a policy tool used to get developers to fix
issues in their code after an audit, and also hopefully be of use to
developers as they work to ensure they are compliant. The kicker is it
needs to cover
Pete Werner wrote:
Hi all
I've been tasked with developing a secure coding standard for my
employer. This will be a policy tool used to get developers to fix
issues in their code after an audit, and also hopefully be of use to
developers as they work to ensure they are compliant. The kicker
A while back, I got asked the same question and realized that at some
level the question is flawed. Many large enterprises have standards
documents that sit on the shelf and the need to create more didn't feel
right. Instead, we fell to the posture that we should invert the
problem and instead
The OWASP materials are fairly language neutral. The closest document
to your current requirements is the Developer Guide.
I am also developing a coding standard for OWASP with a likely
deliverable date next year. I am looking for volunteers to help with
it, so if you want a document that
All,
James McGovern hits the core issue with his post, though I'm not sure how many
organizations are self-aware enough to realize it. In practice, his
philosophical quandary plays out through a few key questions. Do I:
1) Write technology-specific best-practices or security policy?
2) Couch