Hi Ken,
I thought the driving force was your book, after all they named their
initiative after it.
Anyhow, I'll reiterate here what I blogged:
It would be very interesting to see an equivalent initiative from the
customer side (who are the lucky recipients who have to pay for all the
security vulns created by the above). I know as a consultant there are many
large companies struggling with similar secure coding issues exacerbated by
outsourcing to some degree, and a lot could be gained by a shared effort.
The analyst community like the vendors has more or less Fortune 500s out in
the dark, so this may be an area where a half dozen or so motivated security
architects and CISOs at Fortune 500s could band together to create a group
to help drive change. None of the other big players (analysts, vendors, big
consulting firms) seem to be doing it. Why not bootstrap a Fortune 500
Secure Coding Initiative to drive better products, services and share best
practices in the software security space?
-gp
On 10/23/07 1:55 PM, Kenneth Van Wyk [EMAIL PROTECTED] wrote:
Saw this story via Gunnar's blog (thanks!):
http://www.gcn.com/online/vol1_no1/45286-1.html
Any thoughts on new group, which is calling itself SAFEcode? Anyone
here involved in its formation and care to share with us what's the
driving force behind it?
Cheers,
Ken
-
Kenneth R. van Wyk
SC-L Moderator
KRvW Associates, LLC
http://www.KRvW.com
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___
On 10/23/07 1:55 PM, Kenneth Van Wyk [EMAIL PROTECTED] wrote:
Saw this story via Gunnar's blog (thanks!):
http://www.gcn.com/online/vol1_no1/45286-1.html
Any thoughts on new group, which is calling itself SAFEcode? Anyone
here involved in its formation and care to share with us what's the
driving force behind it?
Cheers,
Ken
-
Kenneth R. van Wyk
SC-L Moderator
KRvW Associates, LLC
http://www.KRvW.com
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___
--
Gunnar Peterson, Managing Principal, Arctec Group
http://www.arctecgroup.net
Blog: http://1raindrop.typepad.com
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___
