Re: [SC-L] IT industry creates secure coding advocacy group

2007-11-01 Thread McGovern, James F (HTSC, IT)
 I publicly support Gunnar's assertion that folks in large enterprises
need to get together as a collective to drive secure coding practices.
If you know of others, please do not hesitate to have them connect to me
via LinkedIn (I am bad with managing contact information) and I will
most certainly take the lead...

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gunnar Peterson
Sent: Tuesday, October 23, 2007 3:08 PM
To: Kenneth van Wyk; Secure Mailing List
Subject: Re: [SC-L] IT industry creates secure coding advocacy group

Hi Ken,

I thought the driving force was your book, after all they named their
initiative after it.

Anyhow, I'll reiterate here what I blogged:

It would be very interesting to see an equivalent initiative from the
customer side (who are the lucky recipients who have to pay for all the
security vulns created by the above). I know as a consultant there are
many large companies struggling with similar secure coding issues
exacerbated by outsourcing to some degree, and a lot could be gained by
a shared effort.
The analyst community like the vendors has more or less Fortune 500s out
in the dark, so this may be an area where a half dozen or so motivated
security architects and CISOs at Fortune 500s could band together to
create a group to help drive change. None of the other big players
(analysts, vendors, big consulting firms) seem to be doing it. Why not
bootstrap a Fortune 500 Secure Coding Initiative to drive better
products, services and share best practices in the software security
space?

-gp


On 10/23/07 1:55 PM, Kenneth Van Wyk [EMAIL PROTECTED] wrote:

 Saw this story via Gunnar's blog (thanks!):
 
 http://www.gcn.com/online/vol1_no1/45286-1.html
 
 Any thoughts on new group, which is calling itself SAFEcode?  Anyone 
 here involved in its formation and care to share with us what's the 
 driving force behind it?
 
 Cheers,
 
 Ken
 
 -
 Kenneth R. van Wyk
 SC-L Moderator
 KRvW Associates, LLC
 http://www.KRvW.com
 
 
 
 
 ___
 Secure Coding mailing list (SC-L) SC-L@securecoding.org List 
 information, subscriptions, etc - 
 http://krvw.com/mailman/listinfo/sc-l
 List charter available at - 
 http://www.securecoding.org/list/charter.php
 SC-L is hosted and moderated by KRvW Associates, LLC 
 (http://www.KRvW.com) as a free, non-commercial service to the
software security community.
 ___




--
Gunnar Peterson, Managing Principal, Arctec Group
http://www.arctecgroup.net

Blog: http://1raindrop.typepad.com




[SC-L] IT industry creates secure coding advocacy group

2007-10-23 Thread Kenneth Van Wyk

Saw this story via Gunnar's blog (thanks!):

http://www.gcn.com/online/vol1_no1/45286-1.html

Any thoughts on new group, which is calling itself SAFEcode?  Anyone  
here involved in its formation and care to share with us what's the  
driving force behind it?


Cheers,

Ken

-
Kenneth R. van Wyk
SC-L Moderator
KRvW Associates, LLC
http://www.KRvW.com








Re: [SC-L] IT industry creates secure coding advocacy group

2007-10-23 Thread Gunnar Peterson
Hi Ken,

I thought the driving force was your book, after all they named their
initiative after it.

Anyhow, I'll reiterate here what I blogged:

It would be very interesting to see an equivalent initiative from the
customer side (who are the lucky recipients who have to pay for all the
security vulns created by the above). I know as a consultant there are many
large companies struggling with similar secure coding issues exacerbated by
outsourcing to some degree, and a lot could be gained by a shared effort.
The analyst community like the vendors has more or less Fortune 500s out in
the dark, so this may be an area where a half dozen or so motivated security
architects and CISOs at Fortune 500s could band together to create a group
to help drive change. None of the other big players (analysts, vendors, big
consulting firms) seem to be doing it. Why not bootstrap a Fortune 500
Secure Coding Initiative to drive better products, services and share best
practices in the software security space?

-gp


On 10/23/07 1:55 PM, Kenneth Van Wyk [EMAIL PROTECTED] wrote:

 Saw this story via Gunnar's blog (thanks!):
 
 http://www.gcn.com/online/vol1_no1/45286-1.html
 
 Any thoughts on new group, which is calling itself SAFEcode?  Anyone
 here involved in its formation and care to share with us what's the
 driving force behind it?
 
 Cheers,
 
 Ken
 
 -
 Kenneth R. van Wyk
 SC-L Moderator
 KRvW Associates, LLC
 http://www.KRvW.com
 
 
 
 

-- 
Gunnar Peterson, Managing Principal, Arctec Group
http://www.arctecgroup.net

Blog: http://1raindrop.typepad.com

