[SC-L] Michael Howard's Web Log : Introducing SAFECode
FYI, from Michael Howard's blog:

"Today SAFECode, the Software Assurance Forum for Excellence in Code, introduced its first white paper, "Software Assurance: An Overview of Current Industry Best Practices." The organization was founded by Microsoft, Symantec, EMC, SAP and Juniper to advance understanding and practices related to secure development and integrity controls. Our goal is to raise the security bar across the software industry to reduce vulnerabilities."

Complete blog text, along with links to SAFECode and the white paper, can be found here:

http://blogs.msdn.com/michael_howard/archive/2008/02/14/introducing-safecode.aspx

Cheers,

Ken

-
Kenneth R. van Wyk
SC-L Moderator
KRvW Associates, LLC
http://www.KRvW.com

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
___

[SC-L] Darkreading: code scanning
Hi sc-l,

This month, my darkreading column is about code scanning. Remember that flurry in the press about Coverity's scan project where half of the stories were positive and the other half negative? That prompted me to write this column (started with a Justice League posting as some of you will recall).

Topics: open source, code scanning, architectural risk analysis, declaring security victory

http://www.darkreading.com/document.asp?doc_id=146053&WT.svl=column1_1

In a sentence: code scanning is good and everyone should be doing it, but don't declare security too early and never forget the architecture.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com