Hi sc-l,

This month, my darkreading column is about code scanning.   Remember that 
flurry in the press about Coverity's scan project where half of the stories 
were positive and the other half negative?  That prompted me to write this 
column (started with a Justice League posting as some of you will recall).

Topics: open source, code scanning, architectural risk analysis, declaring 
security victory


In a sentence: code scanning is good and everyone should be doing it, but don't 
declare security too early and never forget the architecture.


company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.

Reply via email to