I have been working on developing a series of documents to turn the
ideas encompassed on this list and in what I can find in books &
articles.  I am not finding, and it may just be I am looking in the
wrong places, for any information on how people are actually
implementing the concepts.  I have found the high level ideas (like in
"Software Security" and the MS SDL) and the low level code level
rules, but there does not seem to be any information on how these two
are being merged and used in actual development projects.  Are there
any non-proprietary materials out there?

If there are none, could this be part of the problem of getting secure
development/design/testing/coding out into the real world?


Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.

Reply via email to