By now, pretty much everyone is familiar with PCI and section 6, which
outlines the ten things an application must resolve. Many of the secure
coding tools such as Ounce Labs, Klocwork, etc. have automated the
ability to inspect code but have only focused on languages such as Java
and .NET. I would like to get a sense as to how others are approaching
the notion of secure coding for languages such as Smalltalk,
PowerBuilder, Oracle Forms, etc. and whether there are any public sources
of information on these languages from a security perspective.

If I have to bust my brain and figure it out myself, I would also like
guidance as to how to make this information known so that ALL software
vendors who automate the code review process can implement...

Secure Coding mailing list (SC-L)
SC-L is hosted and moderated by KRvW Associates, LLC
as a free, non-commercial service to the software security community.
