hi sc-l,

Using the software security framework introduced in October (A Software 
Security Framework: Working Towards a Realistic Maturity Model 
<http://www.informit.com/articles/article.aspx?p=1271382>), we interviewed nine 
executives running top software security programs in order to gather real data 
from real programs. Our goal is to create a maturity model based on these data, 
and we're busy working on that (stay tuned here for more). However, in the 
course of analyzing the data we gathered, we unearthed some surprises that we 
share in this month's informIT article:

http://www.informit.com/articles/article.aspx?p=1315431

My bet is that some of the findings will come as a surprise to sc-l readers as 
well.  Check the article out.

Merry New Year to you all.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
