Re: [SC-L] A New Open Source Approach to Weakness
Fortify has graciously donated these vulnerability writeups to OWASP, where they will be maintained wikipedia-style. We have a strong team of reviewers in place to review all changes daily. There are a total of almost 500 vulnerabilities now, from Fortify, CLASP, and many other sources. We're creating an interlinked knowledgebase of common application security principles, threats, attacks, vulnerabilities, and countermeasures. Anyone can participate, so come help us out. http://www.owasp.org/index.php/Category:OWASP_Honeycomb_Project --Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gergely Buday Sent: Wednesday, August 09, 2006 10:08 AM To: Secure Coding Subject: [***SPAM (header)***] - Re: [SC-L] A New Open Source Approach to Weakness - Email found in subject On 09/08/06, Kenneth Van Wyk <[EMAIL PROTECTED]> wrote: > > FYI, here's an article about Fortify's pernicious kingdom taxonomy of common > coding defects that I thought would be of interest here: > > http://www.internetnews.com/dev-news/article.php/3623751 The link to the original paper is: http://vulncat.fortifysoftware.com/docs/tcm_taxonomy_submission.pdf Cheers - Gergely ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php
Re: [SC-L] A New Open Source Approach to Weakness
Also note that there is a chapter in "software security" about the pernicious kingdoms...www.swsec.com. gem company www.cigital.com podcast www.cigital.com/silverbullet book www.swsec.com -Original Message- From: Gergely Buday [mailto:[EMAIL PROTECTED] Sent: Wed Aug 09 10:53:52 2006 To: Secure Coding Subject:Re: [SC-L] A New Open Source Approach to Weakness On 09/08/06, Kenneth Van Wyk <[EMAIL PROTECTED]> wrote: > > FYI, here's an article about Fortify's pernicious kingdom taxonomy of common > coding defects that I thought would be of interest here: > > http://www.internetnews.com/dev-news/article.php/3623751 The link to the original paper is: http://vulncat.fortifysoftware.com/docs/tcm_taxonomy_submission.pdf Cheers - Gergely ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php This electronic message transmission contains information that may be confidential or privileged. The information contained herein is intended solely for the recipient and use by any other party is not authorized. If you are not the intended recipient (or otherwise authorized to receive this message by the intended recipient), any disclosure, copying, distribution or use of the contents of the information is prohibited. If you have received this electronic message transmission in error, please contact the sender by reply email and delete all copies of this message. Cigital, Inc. accepts no responsibility for any loss or damage resulting directly or indirectly from the use of this email or its contents. Thank You. ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php
Re: [SC-L] A New Open Source Approach to Weakness
On 09/08/06, Kenneth Van Wyk <[EMAIL PROTECTED]> wrote: > > FYI, here's an article about Fortify's pernicious kingdom taxonomy of common > coding defects that I thought would be of interest here: > > http://www.internetnews.com/dev-news/article.php/3623751 The link to the original paper is: http://vulncat.fortifysoftware.com/docs/tcm_taxonomy_submission.pdf Cheers - Gergely ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php
[SC-L] A New Open Source Approach to Weakness
FYI, here's an article about Fortify's pernicious kingdom taxonomy of common coding defects that I thought would be of interest here:http://www.internetnews.com/dev-news/article.php/3623751Cheers,Ken-Kenneth R. Van WykKRvW Associates, LLChttp://www.KRvW.com ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php