Personally I think secure coding should be included in the entire
curriculum irrespective of the level. People learn habits early on
that they tend to carry for as long as they are programmers. How many
programmers that learned the K&R style of indentation for example
continue to use it as their de
Overall I concur with Bruce on this. PCI has too broad of a
constituent base to cover to be truly effective. Some fixes were
added after the TJX breach, but look at how much TJX paid versus how
much they laid aside to pay. I am betting that the TJX lawyers
produced documents showing that they we
Once an application is released or put into production, what are
organizations doing to keep the applications secure? As new
vulnerabilities and classes of exploits are released, how is that
information being fed back to developers so they can update/patch in
the software? At the network most org
I have been working on developing a series of documents to turn the
ideas encompassed on this list and in what I can find in books &
articles. I am not finding, and it may just be that I am looking in the
wrong places, any information on how people are actually
implementing the concepts. I have fo
Roman,
My starting point is sort of simple: how to weave secure development
into the basic SDLC. I am assuming that regardless of what you call
the steps, most folks use a multi-step process. Working with a 5-step
process (Plan, Design, Develop, Test, Deploy), what is added to each of
those steps?