Hi Stephen,
I agree that would be interesting. While we have data at the firm level for all
BSIMM participants, and at the BU level for many BSIMM participants, we don't
formally capture data on development methodology (as opposed to software
security activities) for each development team

Hello everyone,
To reinforce Mason's request, we're looking for any collection of controls
(contractual, technical, people, process, etc.) that organizations should
request, demand, cajole, enforce, etc. when out-sourcing software development
to ensure the required software security in the

lifecycle, Routh says. This is a
three-year-old initiative that educates and certifies developers in all DTCC
environments in security. Developers are also provided with the necessary
code-scanning tools and consulting and services help to keep production code
close to pristine.
--Sammy.
Sammy Migues

organization that wants to
succeed can afford to have someone in charge of success, but that's just my
opinion and isn't relevant to BSIMM.
Cheers,
--Sammy.
-Original Message-
From: Pravir Chandra [mailto:chan...@list.org]
Sent: Tuesday, March 10, 2009 6:31 PM
To: Sammy Migues
Cc: sc-l

on
the survey findings and a chance to win one of 3 Apple iPod touch devices.
Thank you for your participation.
Sincerely,
Michael Maziarz
Safelight Security Advisors
[EMAIL PROTECTED]

Sammy Migues
Cigital
[EMAIL PROTECTED]
___
Secure Coding mailing list (SC-L

: Monday, August 20, 2007 2:09 PM
To: Johan Peeters
Cc: Sammy Migues; sc-l@securecoding.org
Subject: Re: [SC-L] Software Security Training for Developers
Hi Sammie and Yo,
Tkx for the good high-level insights. A few
questions, I'm interested specifically for
developer/designers, but I'm sure others

(long) thoughts on an approach for training. You
can see them at
http://www.cigital.com/justiceleague/2007/06/25/training-material-training-and-behavior-modification-part-1-of-3-%e2%80%93-training-material/.
--Sammy.
Sammy Migues
Director, Knowledge Management and Training
703.404.5830 - http