________________________________
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of McGovern, James F (HTSC, IT)
Sent: 22 May 2007 14:48
To: [email protected]
Subject: [SC-L] Tools: Evaluation Criteria
We will shortly be starting an evaluation of tools to assist in
the secure coding practices initiative and have been wildly successful
in finding lots of consultants who can assist us in evaluating but
absolutely zero in terms of finding RFI/RFPs of others who have
travelled this path before us. Would especially love to understand
stretch goals that we should be looking for beyond simple stuff like
finding buffer overflows in C, OWASP checklists, etc.
[PNA]
For some "stretch goals", take a look at www.sparkada.com and
some of the published papers there, especially one on a project called
Tokeneer.
(Caveat: I am commercially involved in the SPARK tools.)
In my travels, it "feels" as if folks are simply choosing tools
in this space because they are the market leader, incumbent vendor or
simply asking an industry analyst but none seem to have any "deep"
criteria. I guess at some level, choosing any tool will move the needle,
but investments really should be longer term.
[PNA]
Agreed
Peter
--------------------------------------------------------
Peter Amey BSc ACGI CEng CITP MRAes FBCS
CTO (Software Engineering)
direct: +44 (0) 1225 823761
mobile: +44 (0) 7774 148336
[EMAIL PROTECTED]
Praxis High Integrity Systems Ltd
20 Manvers St, Bath, BA1 1PX, UK
t: +44 (0)1225 466991
f: +44 (0)1225 469006
w: www.praxis-his.com <http://www.praxis-his.com/>
--------------------------------------------------------
_______________________________________________
Secure Coding mailing list (SC-L) [email protected]
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________