Andy,
You wrote...
> I have been working on developing a series of documents to turn the
> ideas encompassed on this list and in what I can find in books &
> articles. I am not finding, and it may just be I am looking in the
> wrong places, for any information on how people are actually
> implem

Roman,
My starting point is sort of simple, how to weave secure development
into the basic SDLC. I am assuming that regardless of what you call
the steps, most folks use a multi-step process. Working with a 5-step
process (Plan, Design, Develop, Test, Deploy), what is added to each of
those steps?

Andy, I think this is a really good question. I am not aware of any
comprehensive non-proprietary materials that are available, although I know
lots of companies have developed this sort of thing either internally or with
the help of a consultancy (full disclosure: I'm a consultant). I would a

Hi Andy,
We build and then execute plans to do that kind of activity all the time at
Cigital. Unfortunately, the plans are all highly tailored to the politics and
operations of our specific customers, and they are proprietary.
Basically they do involve several aspects in common if you step way

I have been working on developing a series of documents to turn the
ideas encompassed on this list and in what I can find in books &
articles. I am not finding, and it may just be I am looking in the
wrong places, for any information on how people are actually
implementing the concepts. I have fo

I had just a quick query for everyone out there, with an attached thought.
How many security and/or secure coding professionals are prevalently
involved with the SXSW conference this week? I know, I know... it's a big
party for developers - particularly the Web 2.0 clique - but I'm just
curious.