Once an application is released or put into production, what are
organizations doing to keep the applications secure?  As new
vulnerabilities and classes of exploits are released, how is that
information being fed back to developers so they can update/patch
the software?  At the network level, most organizations have a Network
Operations Center (NOC) and some have a Security Operations Center
(SOC) to look for problems and make changes to the network to defend
against the problem.  What is the equivalent at the software
development level?

Is there a formal method other than reacting to incidents?  Is there a
sort of Operations or Intelligence cell that proactively finds and
processes new information and feeds that info back to the design and
development teams so they can update the software?

Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
