morning
10:10 at Purple 310. We're bringing hard copies of the paper to
distribute at the talk, and we'd love to see you there.
Cheers,
--
Rohit Sethi
Security Compass
http://www.securitycompass.com
___
Secure Coding mailing list (SC-L) SC-L
security community.
___
--
Rohit Sethi
Security Compass
http://www.securitycompass.com
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com
to
solicit feedback from the security community prior to turning it into
an official project.
Here’s the link to the paper:
http://labs.securitycompass.com/papers/secure-web-application-framework-manifesto-v0-05.pdf
--
Rohit Sethi
Security Compass
http://www.securitycompass.com
___
--
Rohit Sethi
Security Compass
http://www.securitycompass.com
twitter: rksethi
___
We just put together a post primarily aimed at architects and lead
developers of web apps. Check it out:
http://labs.securitycompass.com/index.php/2011/02/10/5-key-design-decisions-that-affect-security-in-web-applications/
--
Rohit Sethi
Security Compass
http://www.securitycompass.com
twitter
not
also look at joining efforts with something like the Rugged Manifesto
movement? fwiw.
On 3/11/11 1:14 PM, Rohit Sethi wrote:
Last year we released a project called the Secure Web Application
Framework Manifesto on OWASP. I'd like to announce that we're closing
it, in favor of simply working
this? Does §164.312(c)(2) simply boil down to
sufficient access control?
--
Rohit Sethi
SD Elements
http://www.sdelements.com
twitter: rksethi
___
to prescribe a remedy
And I got lots of money but it isn't what I need
Gonna take more than a shot to get this poison outta me
And I got all the symptoms, count 'em 1, 2, 3
;)
Jim Manico
On Apr 26, 2011, at 2:35 AM, Rohit Sethi rkli...@gmail.com wrote:
Hi all,
Has anyone had to deal
has lived through developing a secure
SDLC I'd love to hear your thoughts about the model's accuracy / relevancy.
If you know of any practical whitepapers / articles that might be of use to
somebody responsible for moving to the next in this model then please let me
know.
Cheers,
--
Rohit Sethi
Jul 2011 15:48:50 -0400
To: 'Rohit Sethi' rkli...@gmail.com, Secure
Code Mailing List SC-L@securecoding.org
Subject: Re: [SC-L] The Organic Secure SDLC
Rohit – How is this different from BSIMM?
Thanks,
Anurag Agarwal
MyAppSecurity Inc
the wall is a point in the curve
where the effort is high.
Anyways, this is just the order that some firms seem to adopt activities
in their lifecycles. It is not a lifecycle.
Paco
--
Rohit Sethi
SD Elements
http://www.sdelements.com
twitter: rksethi
for every company it is not.
- Jim Manico
--
Rohit Sethi
SD Elements
http://www.sdelements.com
twitter: rksethi
___
Kevin, that's fantastic insight. If you convert it to a blog posting I'll
add a link to it
On Thu, Jul 28, 2011 at 1:01 PM, Wall, Kevin kevin.w...@qwest.com wrote:
Rohit Sethi wrote:
Recently I sent a note about the Organic Progression of the Secure SDLC.
One
gets burned in to QA like
other problems in software development, making the team responsible for
security in reviews and testing etc. That's a big step to get to.
/Jim
- Original Message -
From: Rohit Sethi rkli...@gmail.com
Date: Tuesday, July 19, 2011 4:18 pm
Subject: Re
14 matches