[SC-L] Project announce: The OWASP Source Code Flaws Top 10

2008-12-16 Thread Paolo Perego
Hello leaders, I'm really happy to announce a new documentation project I started today. Our Top 10 most critical web app vulnerabilities is the de facto standard when trying to summarize findings when you assess a web application. And it is great. Looking at source code assessment (or code

[SC-L] top 10 software security surprises

2008-12-16 Thread Gary McGraw
hi sc-l, Using the software security framework introduced in October (A Software Security Framework: Working Towards a Realistic Maturity Model http://www.informit.com/articles/article.aspx?p=1271382), we interviewed nine executives running top software security programs in order to gather

Re: [SC-L] top 10 software security surprises

2008-12-16 Thread Pravir Chandra
Hey All. On the topic of maturity models, in Gary's first article he mentioned a draft model I created. Since I've mostly been discussing it in OWASP circles, I wanted to point out the Software Assurance Maturity Model (SAMM) project at http://www.opensamm.org I kicked off that work based on a