Time to COME ON DOWN... to the securitymetrics list/conf... and join in the fun!
MiniMetricon coming up in SF: http://www.securitymetrics.org/content/Wiki.jsp?page=Metricon3.5

S'got to be more about these guys too: http://www.sei.cmu.edu/

D.

On Wed, Apr 8, 2009 at 1:17 PM, Jon Kibler <[email protected]> wrote:
> Larry Seltzer wrote:
>> Below is the section of S.773 mandating that NIST establish "measurable
>> and auditable cybersecurity standards" for systems and networks.
>>
>> Do standards along these lines exist already? I guess I'd be surprised
>> if nothing like this exists, but the only ones I'm aware of don't have a
>> lot of real-world relevance, like C1 and B certifiability.
>>
>> Some of it is already in place or at least being worked on, like the
>> standard configurations (see
>> http://www.eweek.com/c/a/Security/Standardizing-the-Federal-Desktop/) or
>> the vulnerability specification stuff.
>>
>> Do others think the other elements and the big picture of this are practical?
>>
>> Larry Seltzer
>> eWEEK.com Security Center Editor
>> http://security.eweek.com/
>> http://blogs.pcmag.com/securitywatch/
>> Contributing Editor, PC Magazine
>> [email protected]
>
> Larry,
>
> All standards with which I am familiar, and I think I have a good grasp
> of what is out there, have to do with:
> 1) Hardening systems and networks
> 2) Policy and Processes
> 3) Best Practices
>
> I am not familiar with anything that addresses software development
> security per se. As I recall, even IEEE/ISO 12207, which replaced the
> old MilStd-498, does not address software security processes.
>
> I think that spending money to specify the best practices for software
> security and developing secure software is a great place to put our tax
> dollars. It will be money well spent.
>
> Jon
> --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC USA
> o: 843-849-8214
> c: 843-813-2924 (NEW!)
> s: 843-564-4224
> http://www.linkedin.com/in/jonrkibler
>
> My PGP Fingerprint is:
> BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

--
Donal ( http://bsdosx.blogspot.com/ )
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction." Albert Einstein
