All,

OWASP has a document which was targeted at the Brazilian government at
first and then translated into English. It contains several proposals
of government actions to improve the application security (and
information security) landscape.

The English version is available here:
https://www.owasp.org/index.php/OWASP_Brasil_Manifesto/en

The original version is here:
https://www.owasp.org/index.php/OWASP_Brasil_Manifesto

Hope this fits as concrete proposals. ;-)

Regards,

Lucas

On Thu, Aug 9, 2012 at 10:45 AM, Iván Arce <ivan.w.a...@gmail.com> wrote:
> Gary,
>
> Could you elaborate a bit more? Specifically, what kind of incentives
> you have in mind? How would they work?
>
> The debate about what to do to improve software security at a national
> or larger scale is mostly populated with abstractions and generic ideas
> but the enumeration and description of concrete, specific measures to
> deploy is notably scant.
>
> -ivan
>
> On 8/3/12 9:32 AM, Gary McGraw wrote:
>> hi greg,
>>
>> Good question.  I'm biased of course, but I think a BSIMM type measurement
>> is the best way to approach this.  (See http://bsimm.com.)  However,
>> regardless of measurement I strongly believe that incentives are way
>> better than regulations and penalties.
>>
>
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L@securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
> _______________________________________________



-- 
Homo sapiens non urinat in ventum.
