Secure Coding mailing list archives
FW: Darkreading: Secure Coding Certification
From: gem at cigital.com (Gary McGraw)
Date: Tue, 15 May 2007 09:52:00 -0400
I meant to send this to the list.

-----Original Message-----
From: Gary McGraw
Sent: Tuesday, May 15, 2007 9:09 AM
To: 'ljknews'
Subject: RE: [SC-L] Darkreading: Secure Coding Certification

Oops. Sorry about that. I just checked the URL for the darkreading article again. Looks the same to me:
http://www.darkreading.com/document.asp?doc_id=123606

Please note that a nice little thread has developed over there as well (the hazards of a net existence).
http://www.darkreading.com/boards/messages.asp?thread_id=155877&msg_id=144925&t=true

There is a huge body of knowledge and of best practices that has developed over the last decade of work in software security. I tried to describe it all in detail in my book "Software Security," so get a copy of that if you're interested. We have moved well past a collection of data about common bugs.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

-----Original Message-----
From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org] On Behalf Of ljknews
Sent: Saturday, May 12, 2007 8:04 AM
To: SC-L at securecoding.org
Subject: Re: [SC-L] Darkreading: Secure Coding Certification

At 11:17 AM -0400 5/11/07, Gary McGraw wrote:
> As readers of the list know, SANS recently announced a certification scheme for secure programming. Many vendors and consultants jumped on the bandwagon. I'm not so sure the bandwagon is going anywhere. I explain why in my latest darkreading column: http://www.darkreading.com/document.asp?doc_id=123606
Well that page shows up as blank in my browser and shows 637 HTML errors on http://validator.w3.org,
> What do you think? Can we test someone's software security knowledge with a multiple choice test? Anybody seen the body of knowledge behind the test?
but based on biases I see on this list, I tend to believe that those who make such a certification scheme would bias it toward:

    Programming done in C and derivative languages (C++, Java, etc.)
    Programming relying on TCP/IP

neither of which is relevant to my endeavors.
--
Larry Kilgallen