Secure Coding mailing list archives
The Next Frontier
From: James.McGovern at thehartford.com (McGovern, James F (HTSC, IT))
Date: Tue, 26 Jun 2007 18:00:00 -0400
A while back, someone asked the question of what this list should collectively work on next. Today, I attended a demo from Fortify Software and an idea appeared. It seems as if OWASP has a taxonomy of all ways of classifying defects. Likewise, all of the tools emit some form of information to be consumed by the audit role. Would there be value in terms of defining an XML schema that all tools could emit audit information to?

My thought is that this could solve several problems. For example, if a large enterprise wanted to put in their outsourcing contract that their outsourcer use a tool (any tool) but also had to provide the audit results in a normalized markup language, then they could build trends, do analysis at a higher level to look at common problems, and so on. Likewise, in situations where one doesn't necessarily have access to source code (say Oracle, BEA, Microsoft and so on), we could ask for evidence of what tests were run and the results without having access to the actual source code. Likewise, if there were a way to capture signoffs and digitally sign portions, then that could be something put into the contract as well.

Thoughts?