ls (both BSIMM and OSAMM) help to provide a framework
> and a direction to those that have no real security practices at all. Or
> allow a measurement of existing process and see where their weaknesses are.
> That and th
> Secure Coding mailing list (SC-L) SC-L@securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associate
looking positive so far. I encourage anyone with data,
ideas, or motivation to ping me and get involved.
p.
--
~ ~ ~~~~ ~~~~~ ~~~ ~~ ~
Pravir Chandra chandralistorg
PGP:CE60 0E10 9207 7290 06EB
hort answer: they're different), so I blogged about it here:
http://www.opensamm.org/2009/03/whats-up-with-the-other-model/
Thanks!
p.
~ ~ ~~~~ ~ ~~~ ~~ ~
Pravir Chandra chandralistorg
PGP:CE60 0E10 9207 7290 06EB
--
~ ~ ~ ~~~ ~~ ~
Pravir Chandra
ge of orgs for which a dedicated
SSG isn't cost effective, I'm sure we can agree that affording 'someone in
charge of success' doesn't equate to a dedicated SSG. There's a myriad of ways
that can be accomplished in any organizational structure.
Thanks!
p.
~
nd run with it without serious outside help.
p.
~ ~ ~~~~ ~ ~~~ ~~ ~
Pravir Chandra chandralistorg
PGP:CE60 0E10 9207 7290 06EB 5107 4032 63FC 338E 16E4
~ ~~ ~~~ ~ ~ ~
-Origin
to, say, looking at it and
>> thinking "Here's what nine companies have spent dozens of
>> person-decades and millions of dollars learning about what works;
>> let's see what we can glean from that." Uh, okay.
>>
>> Yes, previous models exist. Although it may ha
ct, I'd be
willing to bet that for just about every software security problem we've dealt,
I could give you a design/spec level solution that would prevent it in general
(and make auditing and so forth incredibly streamlined).
p.
~ ~~~~
The Real Software blog by Jim Bird has a good post about how his
software security assurance program has evolved over time, and now,
SAMM is helping out.
http://swreflections.blogspot.com/2009/04/opensamm-shows-way.html
p.
--
~ ~ ~ ~~~ ~~ ~
Pravir
liability, or
usability, etc.).
p.
~ ~~~~~~~~~ ~~~~ ~ ~~~ ~~ ~
Pravir Chandra chandralistorg
PGP:CE60 0E10 9207 7290 06EB 5107 4032 63FC 338E 16E4
~ ~~ ~~~ ~ ~ ~
-Original Message-
From: John Steven
Date: Thu, 30 Jul 2009 17:20:52
To: Secu
13 matches