Kenneth Van Wyk wrote:
>
> On Aug 7, 2007, at 7:01 AM, Francisco Nunes wrote:
>> During our conversation, I made a question to Mr.
>> Hayes similar to this: "Is it possible that only
>> software development process improvements can produce
>> secure software?"
>>
>> The scenario was only based on CMMI without security
>> interference.
>
> All that follows is IMHO, of course... I would have to agree with you,
> Francisco, that process improvements "without security interference" are
> unlikely to produce significant changes in the security of the software
> produced.

<snip rest of discussion>

Hola all,

Was waiting to see if anyone threw out the SSE-CMM (System Security Engineering Capability Maturity Model). Though it's directed at the whole SDLC and not just the software development process, IMHO it's good to have in one's back pocket when planning it . . .

Cheers,
/g

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________