Since this is the week of the top-lists related to secure coding, I thought I'd notify the SC-L people about a new collaboration between SANS and MITRE. We are creating a Top 25 list of the worst programming errors, targeted largely at developers, software managers, and CIOs.
The list is not as high-level as the OWASP Top Ten, and not focused just on web applications; it attempts to provide actionable details to programmers with an informal tone. Some SC-L subscribers are already aware of it and have provided feedback. The initial announcement was in late November; see http://www.sans.org/resources/top25/

So far, we have reached out to and received input from major software vendors, security tool vendors, consultants, the OWASP ESAPI group, and others in industry, academia, and government. We have one or two more rounds of review before the Top 25 list is published in early January.

I'd been meaning to contact this list, but it slipped my mind until the latest flurry of activity. If you want to participate, feel free to contact me and Bob Martin (ramar...@mitre.org) directly.

Thanks,
Steve

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________