Brad Andrews Writes:
> After all, we can just "implement this maturity model and eliminate
> all our security problems, at least in the application,
> right?" That
> is likely to end up resulting in even more resistance in the future
> when management questions why they need to keep spe
The document properties suggests June 2009, and it's a shame that there
isn't much details as we are looking to evaluate 3 of the code analysis
tools for our development here.
CJC
> -Original Message-
> From: sc-l-boun...@securecoding.org
> [mailto:sc-l-boun...@securecoding.org] On Beha
I have a few concerns with formal proofs particularly applying them in a
non-academic environment (some of which may be my own naïve lack of
understanding and my feeble memory of my university years studying formal
methods).
Firstly whilst the code provably does what you said that it would do, tha
Hi,
Something you may want to consider is how you plan on rolling this out
within your organisation, where I work we have a strong culture of using
and following coding standards and guidelines, so rolling out secure
coding guidelines was not that difficult.
That said we started small with a fe
Martin Gilje Jaatun wrote:
> Karen, Matt & all,
>
> Goertzel, Karen [USA] wrote:
> > I'm more devious. I think what needs to happen is that we
> need to redefine what we mean by "functionally correct" or
> "quality" code. If determination of functional correctness
> were extended from "must o
