Re: [SC-L] Silver Bullet

2008-09-29 Thread Gary McGraw
Mary Ann has already been a victim. Do analysts count as practitioners?? gem - Original Message - From: [EMAIL PROTECTED] <[EMAIL PROTECTED]> To: SecureMailing List Sent: Mon Sep 29 15:08:55 2008 Subject: Re: [SC-L] Silver Bullet Women to include are: Diana Kelley of SecurityCurve, Ch

Re: [SC-L] Silver Bullet

2008-09-29 Thread Gunnar Peterson
I strongly agree with James' ask. It's nice to hear from gurus, but we need to hear about real world tradeoffs too. Sausage making ain't pretty (ask Hank and Ben), but it's the real world and I for one am always fascinated with what choices organizations make and why. I am also very excited to hea

Re: [SC-L] Silver Bullet

2008-09-29 Thread McGovern, James F (HTSC, IT)
Women to include are: Diana Kelley of SecurityCurve, Chenxi Wang of Forrester, Window Snyder of Mozilla, Mary Ann Davidson of Oracle -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary McGraw Sent: Monday, September 29, 2008 12:21 PM To: McGovern, James F

Re: [SC-L] Silver Bullet

2008-09-29 Thread Gary McGraw
Thanks Gunnar. I'm scheming schemes that you guys may like... hold that thought! gem On 9/29/08 2:52 PM, "Gunnar Peterson" <[EMAIL PROTECTED]> wrote: I strongly agree with James' ask. It's nice to hear from gurus, but we need to hear about real world tradeoffs too. Sausage making ain't pretty (as

Re: [SC-L] Secure Coding Standards

2008-09-29 Thread Rohit Lists
Most of the SANS classes are network/infrastructure related, but some of them are made specifically for secure coding in a particular language. I'm an instructor and courseware developer for Security 541, the secure coding in Java / JEE class (http://www.sans.org/ns2008/description.php?tid=1937).

Re: [SC-L] Secure Coding Standards

2008-09-29 Thread Robert Martin
As a complement to coding standards you may want to consider using the Common Weakness Enumeration (CWE) as a target list of coding, design and implementation issues you are trying to minimize through use of those coding standards. Using the CWEs can also help you to drive and correlate your te

Re: [SC-L] Silver Bullet

2008-09-29 Thread Gary McGraw
Good idea James. If you take a look at the list of victims, you'll see a mix of academics, gurus, and CSOs. My next victim (Matt Bishop) is already slated. After that I will see what I can do to get a CIO for November. BTW, if anyone has suggestions along those lines, I'm all ears. I would

[SC-L] Silver Bullet

2008-09-29 Thread McGovern, James F (HTSC, IT)
Wouldn't it be interesting if upcoming Silver Bullets featured CIOs and Enterprise Architects of Fortune enterprises? The perspectives regarding secure coding are complementary yet different...

Re: [SC-L] Secure Coding Standards

2008-09-29 Thread Robert C. Seacord
An0n S3c, I see you have already found our site, but I should probably take this opportunity to provide a couple of updates. First of all, CERT has released the Java Secure Coding Standard in addition to existing secure coding standards for the C and C++ programming languages. CERT invites the Ja

Re: [SC-L] Secure Coding Standards

2008-09-29 Thread anon sec
Jim, thanks. I will add that to the list. An0n S3c On Sun, Sep 28, 2008 at 1:45 PM, Jim Manico <[EMAIL PROTECTED]> wrote: > Andrew van der Stock is also approaching this issue from a high level at > > http://www.greebo.net/2008/09/24/coding-standard/ > > His list looks rather complete. > > - Jim >

Re: [SC-L] Secure Coding Standards

2008-09-29 Thread Cassidy, Colin (GE Infra, Energy)
Hi, Something you may want to consider is how you plan on rolling this out within your organisation. Where I work we have a strong culture of using and following coding standards and guidelines, so rolling out secure coding guidelines was not that difficult. That said, we started small with a fe