[SC-L] quick question - SXSW

2008-03-11 Thread Benjamin Tomhave
I had just a quick query for everyone out there, with an attached thought. How many security and/or secure coding professionals are prevalently involved with the SXSW conference this week? I know, I know... it's a big party for developers - particularly the Web 2.0 clique - but I'm just curious.

[SC-L] implementable process level secure development thoughts

2008-03-11 Thread Andy Murren
I have been working on developing a series of documents to turn the ideas encompassed on this list and in what I can find in books and articles. I am not finding, and it may just be I am looking in the wrong places, for any information on how people are actually implementing the concepts. I have

Re: [SC-L] implementable process level secure development thoughts

2008-03-11 Thread Gary McGraw
Hi Andy, We build and then execute plans to do that kind of activity all the time at Cigital. Unfortunately, the plans are all highly tailored to the politics and operations of our specific customers, and they are proprietary. Basically they do involve several aspects in common if you step

Re: [SC-L] implementable process level secure development thoughts

2008-03-11 Thread Andy Murren
Roman, My starting point is sort of simple, how to weave secure development into the basic SDLC. I am assuming that regardless of what you call the steps most folks use a multi-step process. Working with a 5 step process (Plan, Design, Develop, Test, Deploy) what is added to each of those

Re: [SC-L] implementable process level secure development thoughts

2008-03-11 Thread Wall, Kevin
Andy, You wrote... I have been working on developing a series of documents to turn the ideas encompassed on this list and in what I can find in books and articles. I am not finding, and it may just be I am looking in the wrong places, for any information on how people are actually