Secure Coding mailing list archives
Tools: Evaluation Criteria
From: peter.amey at praxis-his.com (Peter Amey)
Date: Tue, 22 May 2007 16:00:41 +0100
________________________________
From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org] On Behalf Of McGovern, James F (HTSC, IT)
Sent: 22 May 2007 14:48
To: SC-L at securecoding.org
Subject: [SC-L] Tools: Evaluation Criteria

We will shortly be starting an evaluation of tools to assist in the secure coding practices initiative and have been wildly successful in finding lots of consultants who can assist us in evaluating but absolutely zero in terms of finding RFI/RFPs of others who have travelled this path before us. Would especially love to understand stretch goals that we should be looking for beyond simple stuff like finding buffer overflows in C, OWASP checklists, etc.

[PNA] For some "stretch goals", take a look at www.sparkada.com and some of the published papers there, especially one on a project called Tokeneer. (Caveat: I am commercially involved in the SPARK tools.)

In my travels, it "feels" as if folks are simply choosing tools in this space because they are the market leader, incumbent vendor or simply asking an industry analyst but none seem to have any "deep" criteria. I guess at some level, choosing any tool will move the needle, but investments really should be longer term.

[PNA] Agreed

Peter

--------------------------------------------------------
Peter Amey BSc ACGI CEng CITP MRAes FBCS
CTO (Software Engineering)
direct: +44 (0) 1225 823761
mobile: +44 (0) 7774 148336
peter.amey at praxis-his.com
Praxis High Integrity Systems Ltd
20 Manvers St, Bath, BA1 1PX, UK
t: +44 (0)1225 466991
f: +44 (0)1225 469006
w: www.praxis-his.com <http://www.praxis-his.com/>
--------------------------------------------------------