James McGovern wrote...
Maybe folks are still building square windows because we haven't
realized how software fails and can describe it in terms of a pattern.
The only pattern-oriented book I have run across in my travels is the
Core Security Patterns put out by the folks at Sun. Do you
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Wall, Kevin
Sent: 24 May 2007 12:45
To: McGovern, James F (HTSC, IT)
Cc: SC-L@securecoding.org
Subject: Re: [SC-L] Tools: Evaluation Criteria
James McGovern wrote...
Maybe folks are still
is also equally useful.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steven M. Christey
Sent: Tuesday, May 22, 2007 12:53 PM
To: McGovern, James F (HTSC, IT)
Cc: SC-L@securecoding.org
Subject: Re: [SC-L] Tools: Evaluation Criteria
On Tue, 22 May 2007
[snip]
Good to see that folks are expanding the criteria in terms of
what it scans for, but criteria as to how it integrates is
also equally useful.
On the contrary I find the idea of evaluating tools by what they scan
for very disturbing. It shows a continuing belief that software
We will shortly be starting an evaluation of tools to assist in the secure
coding practices initiative and have been wildly successful in finding lots of
consultants who can assist us in evaluating but absolutely zero in terms of
finding RFI/RFPs of others who have travelled this path before
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of McGovern, James F
(HTSC, IT)
Sent: 22 May 2007 14:48
To: SC-L@securecoding.org
Subject: [SC-L] Tools: Evaluation Criteria
We will shortly
On Tue, 22 May 2007, McGovern, James F (HTSC, IT) wrote:
We will shortly be starting an evaluation of tools to assist in the
secure coding practices initiative and have been wildly successful in
finding lots of consultants who can assist us in evaluating but
absolutely zero in terms of