Re: [SC-L] Darkreading: Getting Started

2008-01-10 Thread Gunnar Peterson
Another approach is decentralized specialized teams, centers of excellence in current management-speak, with a specific agenda and expertise on an area deemed strategic. This approach is probably best paired with 2, 3, or 4 from your list. For example, a roving specialized threat modeling team that

Re: [SC-L] Darkreading: Getting Started

2008-01-10 Thread Jim Manico
Gary, Interesting article. May I ask, why get started with only one of these approaches? Since 1-3 affect different parts of the organization (portfolio risk seems like a biz-management approach, top-down framework seems to affect software development management, and training affects

Re: [SC-L] Darkreading: Getting Started

2008-01-10 Thread Gary McGraw
/justiceleague book www.swsec.com -Original Message- From: Gunnar Peterson [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 09, 2008 10:00 PM To: Gary McGraw; Secure Mailing List Subject: Re: [SC-L] Darkreading: Getting Started Another approach is decentralized specialized teams, centers

[SC-L] Darkreading: Getting Started

2008-01-09 Thread Gary McGraw
hi sc-l, One of the biggest hurdles facing software security is the problem of how to get started, especially when faced with an enterprise-level challenge. My first darkreading column for 2008 is about how to get started in software security. In the article, I describe four approaches: 1.