Mary Ann has already been a victim. Do analysts count as practitioners??
gem
- Original Message -
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: SecureMailing List
Sent: Mon Sep 29 15:08:55 2008
Subject: Re: [SC-L] Silver Bullet
Women to include are:
Diana Kelley of SecurityCurve
Ch
I strongly agree with James' ask. It's nice to hear from gurus, but we need to
hear about real world tradeoffs too. Sausage making ain't pretty (ask Hank and
Ben), but it's the real world and I for one am always fascinated with what
choices organizations make and why.
I am also very excited to hea
Women to include are:
Diana Kelley of SecurityCurve
Chenxi Wang of Forrester
Window Snyder of Mozilla
Mary Ann Davidson of Oracle
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gary McGraw
Sent: Monday, September 29, 2008 12:21 PM
To: McGovern, James F
Thanks Gunnar. I'm scheming schemes that you guys may like...hold that thought!
gem
On 9/29/08 2:52 PM, "Gunnar Peterson" <[EMAIL PROTECTED]> wrote:
I strongly agree with James' ask. It's nice to hear from gurus, but we need to
hear about real world tradeoffs too. Sausage making ain't pretty (as
Most of the SANS classes are network/infrastructure related, but some
of them are made specifically for secure coding in a particular
language. I'm an instructor and courseware developer for Security 541,
the secure coding in Java / JEE class
(http://www.sans.org/ns2008/description.php?tid=1937).
As a complement to coding standards you may want to consider using the
Common Weakness Enumeration (CWE) as a target list of coding, design and
implementation issues you are trying to minimize through use of those
coding standards.
Using the CWEs can also help you to drive and correlate your te
Good idea James. If you take a look at the list of victims, you'll see a mix
of academics, gurus, and CSOs. My next victim (Matt Bishop) is already slated.
After that I will see what I can do to get a CIO for November.
BTW, if anyone has suggestions along those lines, I'm all ears. I would
Wouldn't it be interesting if upcoming Silver Bullets featured CIOs and
Enterprise Architects of Fortune enterprises? The perspectives regarding
secure coding are complementary yet different...
An0n S3c,
I see you have already found our site, but I should probably take this
opportunity to provide a couple of updates.
First of all, CERT has released the Java Secure Coding Standard in
addition to existing secure coding standards for the C and C++
programming languages. CERT invites the Ja
Jim
Thanks. I will add that to the list.
An0n S3c
On Sun, Sep 28, 2008 at 1:45 PM, Jim Manico <[EMAIL PROTECTED]> wrote:
> Andrew van der Stock is also approaching this issue from a high level at
>
> http://www.greebo.net/2008/09/24/coding-standard/
>
> His list looks rather complete.
>
> - Jim
>
Hi,
Something you may want to consider is how you plan on rolling this out
within your organisation. Where I work we have a strong culture of using
and following coding standards and guidelines, so rolling out secure
coding guidelines was not that difficult.
That said we started small with a fe