From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goertzel, Karen
Sent: Tuesday, August 07, 2007 9:39 AM
To: sc-l@securecoding.org
Subject: Re: [SC-L] Software process improvement produces secure software?
I've always had a question about this as well; specifically, what i
Kenneth Van Wyk wrote:
>
> On Aug 7, 2007, at 7:01 AM, Francisco Nunes wrote:
>> During our conversation, I made a question to Mr.
>> Hayes similar to this: "Is it possible that only
>> software development process improvements can produce
>> secure s
On Aug 7, 2007, at 7:01 AM, Francisco Nunes wrote:
During our conversation, I made a question to Mr.
Hayes similar to this: "Is it possible that only
software development process improvements can produce
secure software?"
The scenario was only based on CMMI without security
interference.
All
A simple way to understand why implementing software development
process improvement will not necessarily produce secure software is to
read the Common Criteria.
Yes, I know that it's opaque and hard to understand, but once you have
gone through the process of writing a Protection Profile for a
I've always had a question about this as well; specifically, what is really
meant by "adding security to a CMM"?
I've always felt that the level at which the software (or system) process is
defined by a CMM is too high and too abstract for the addition of security
activities to be particularly