Secure Coding mailing list archives
implementable process level secure development thoughts
From: amurren at gmail.com (Andy Murren)
Date: Tue, 11 Mar 2008 12:20:26 -0400
I have been working on developing a series of documents to turn the ideas encompassed on this list and in what I can find in books & articles. I am not finding, and it may just be I am looking in the wrong places, for any information on how people are actually implementing the concepts. I have found the high level ideas (like in "Software Security" and the MS SDL) and the low level code level rules, but there does not seem to be any information on how these two are being merged and used in actual development projects. Are there any non-proprietary materials out there? If there are none, could this be part of the problem of getting secure development/design/testing/coding out into the real world? Thanks, Andy
Current thread:
- implementable process level secure development thoughts Andy Murren (Mar 11)
- implementable process level secure development thoughts Gary McGraw (Mar 11)
- implementable process level secure development thoughts Wall, Kevin (Mar 11)
- <Possible follow-ups>
- implementable process level secure development thoughts Roman H. (Mar 11)
- implementable process level secure development thoughts Andy Murren (Mar 11)