Hi All
Thank you for your replies, they have been very useful and will
certainly help identifying things that need to appear in the standard.
We're trying to make the standard something that is easily auditable,
and have decided to further split items into two categories, those that
should
.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pete Werner
Sent: Friday, November 21, 2008 1:40 AM
To: Secure Coding
Subject: Re: [SC-L] Language agnostic secure coding
guidelines/standards?
Hi All
Thank you for your replies, they have been very
The CWE Research view (CWE-1000) is language-neutral at its higher-level
nodes, and decomposes in some areas into language-specific constructs.
Early experience suggests that this view is not necessarily
developer-friendly, however, because it's not organized around the types
of concepts that
: [SC-L] Language agnostic secure coding guidelines/standards?
Hi all
I've been tasked with developing a secure coding standard for my employer. This
will be a policy tool used to get developers to fix issues in their code after
an audit, and also hopefully be of use to developers as they work
Pete Werner:
I've been tasked with developing a secure coding standard for my
employer. everything i've found is mostly focussed on web
applications or language/platform specific. Does anyone know of
something that may be what I'm looking for?
It's not exactly what you're looking for, but
Hi all
I've been tasked with developing a secure coding standard for my
employer. This will be a policy tool used to get developers to fix
issues in their code after an audit, and also hopefully be of use to
developers as they work to ensure they are compliant. The kicker is it
needs to cover
Pete Werner wrote:
Hi all
I've been tasked with developing a secure coding standard for my
employer. This will be a policy tool used to get developers to fix
issues in their code after an audit, and also hopefully be of use to
developers as they work to ensure they are compliant. The kicker
] On Behalf Of Pete Werner
Sent: Wednesday, November 12, 2008 7:22 PM
To: Secure Coding
Subject: [SC-L] Language agnostic secure coding guidelines/standards?
Hi all
I've been tasked with developing a secure coding standard for my
employer. This will be a policy tool used to get developers to fix
The OWASP materials are fairly language neutral. The closest document
to your current requirements is the Developer Guide.
I am also developing a coding standard for Owasp with a likely
deliverable date next year. I am looking for volunteers to help with
it, so if you want a document that
All,
James McGovern hits the core issue with his post, though I'm not sure how many
organizations are self-aware enough to realize it. In practice, his
philosophical quandary plays out through a few key questions. Do I:
1) Write technology-specific best-practices or security policy?
2) Couch
10 matches
Mail list logo