[SC-L] Software process improvement produces secure software?

2007-08-07 Thread Francisco Nunes
Dear list members. In June 2007, I had an interesting conversation with Mr. Will Hayes from SEI during the Brazilian Symposium on Software Quality. It was a great experience and I am very grateful for this. During our conversation, I asked Mr. Hayes a question similar to this: Is it possible

Re: [SC-L] Software process improvement produces secure software?

2007-08-07 Thread Goertzel, Karen
I've always had a question about this as well; specifically, what is really meant by adding security to a CMM? I've always felt that the level at which the software (or system) process is defined by a CMM is too high and too abstract for the addition of security activities to be particularly

Re: [SC-L] Software process improvement produces secure software?

2007-08-07 Thread Julie Ryan
A simple way to understand why implementing software development process improvement will not necessarily produce secure software is to read the Common Criteria. Yes, I know that it's opaque and hard to understand, but once you have gone through the process of writing a Protection Profile for