Hi sc-l,
This list is made up of a bunch of practitioners (more than a thousand from
what Ken tells me), and we collectively have many different ways of promoting
software security in our companies and our clients. The BSIMM study
http://bsi-mm.com focuses attention on software security in

Hi Gary.

To play devil's advocate:

Current organizational practices aside, I would say that organizations
really need more and better toolkits and standards for developers to use
than they need more and better committees.
A toolkit example that comes to mind, to keep this email short: the

I think MS is more an example of an ideal than what the comparatively
everyman organization can realistically hope to achieve, basically given
resource constraints.

Mike

On Mon, Dec 21, 2009 at 8:37 PM, David Ladd davel...@microsoft.com wrote:
To be clear - we do both. We automate and

But do those require a second security group to execute(?)

Mike

On Mon, Dec 21, 2009 at 9:41 PM, David Ladd davel...@microsoft.com wrote:
A lot of people look at what has been published from Microsoft about the
SDL – most notably the MSDN guidance