hi sc-l,

The latest monthly SearchSecurity article was co-authored with Jim Routh, CSO of Aetna. What Jim is doing for his fifth (!!) software security initiative is very interesting. So interesting that we decided to write about it.
In particular, pay attention to Jim's use of a lightweight IDE-based static analysis tool. This is important for two reasons: 1) because it runs on all dev desktops (and thus scales) and 2) because it finds problems in real time as they are being typed in. FIXING security problems found in this way is easier than it is in the situation when results arrive a week after they are typed in, when the dev is on a new sprint.

Scaling Automated Code Review: http://bit.ly/1iIcAPB
(long URL version: http://searchsecurity.techtarget.com/opinion/McGraw-Software-insecurity-and-scaling-automated-code-review)

As always, your feedback is welcome. Pass it on!

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
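To make concrete what a "lightweight IDE-based static analysis tool" does at the moment code is typed, here is an added example (not code from the article, from Cigital, or from Aetna's initiative) of the kind of rule set such a tool runs: a small AST-based checker, written in Python, that flags three insecure-by-default patterns and reports them with the line numbers an editor would use to place a marker. The sample source it scans is constructed for the example; the rule names and the `Finding` record are the example's own assumptions, not any real tool's API.

```python
import ast
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    """One result an editor plugin would surface as an inline marker."""
    rule: str
    line: int
    message: str


def _call_name(func: ast.expr) -> str:
    """Render a call target as a dotted name, e.g. 'subprocess.run' or 'cur.execute'."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        base = _call_name(func.value)
        return f"{base}.{func.attr}" if base else func.attr
    return ""


class LightweightChecker(ast.NodeVisitor):
    """Three cheap, local rules: no data flow, so each runs in milliseconds on every keystroke/save."""

    SHELL_CALLS = {"subprocess.call", "subprocess.run", "subprocess.Popen", "subprocess.check_output"}

    def __init__(self) -> None:
        self.findings: List[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        name = _call_name(node.func)

        # Rule 1: dynamic code execution via eval()/exec().
        if name in ("eval", "exec"):
            self.findings.append(Finding("dynamic-exec", node.lineno, f"call to {name}()"))

        # Rule 2: subprocess invoked with shell=True (command-injection prone).
        if name in self.SHELL_CALLS:
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    self.findings.append(Finding("shell-true", node.lineno, f"{name}(shell=True)"))

        # Rule 3: DB-API execute() whose query is assembled by concatenation or an f-string
        # rather than passed as a literal with bound parameters.
        if name.endswith(".execute") and node.args:
            query = node.args[0]
            if isinstance(query, (ast.BinOp, ast.JoinedStr)):
                self.findings.append(
                    Finding("sql-string-build", node.lineno,
                            "query built by string formatting; pass parameters instead"))

        self.generic_visit(node)


def check_source(source: str) -> List[Finding]:
    """Parse one file's text and return findings in line order (what an on-save hook would call)."""
    checker = LightweightChecker()
    checker.visit(ast.parse(source))
    return sorted(checker.findings, key=lambda f: f.line)


# Constructed sample: a function a developer might be in the middle of typing.
SAMPLE = '''
import subprocess
def run(user_input, db):
    subprocess.run("ls " + user_input, shell=True)
    cur = db.cursor()
    cur.execute("SELECT * FROM users WHERE name = '" + user_input + "'")
    cur.execute("SELECT * FROM users WHERE name = %s", (user_input,))
    return eval(user_input)
'''

if __name__ == "__main__":
    for f in check_source(SAMPLE):
        # Same "file:line: rule message" shape editors parse for inline markers.
        print(f"sample.py:{f.line}: [{f.rule}] {f.message}")
```

The point of keeping the rules this local is exactly the scaling argument above: with no cross-file data flow, the check is cheap enough to run on every developer's machine as code is written, and the parameterised `execute` on the sample's line 7 correctly produces no finding, so the developer sees the fix confirmed immediately rather than a week later.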