hi sc-l,

One of the biggest hurdles facing software security is the problem of how to 
get started, especially when faced with an enterprise-level challenge.  My 
first darkreading column for 2008 is about how to get started in software 
security.  In the article, I describe four approaches:
1. the top-down framework;
2. portfolio risk;
3. training first; and
4. leading with a tool.

We've tried them all with some success at different Cigital customers.

Are there other ways to get started that have worked for you?

By the way, I can use your help.  Darkreading is beginning to track reaction to 
topics more carefully than in the past.  You can help make software security 
more prominent by reading the article and passing the URL on to others you may 
find interested.  Another thing that helps is posting to the message boards.  
Thanks in advance.

Here's to even more widespread software security in 2008!


company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.

Reply via email to