Secure Coding mailing list archives

Language agnostic secure coding guidelines/standards?


From: vanderaj at owasp.org (Andrew van der Stock)
Date: Thu, 13 Nov 2008 10:49:01 -0500

The OWASP materials are fairly language neutral. The closest document  
to your current requirements is the Developer Guide.

I am also developing a coding standard for OWASP with a likely
deliverable date next year. I am looking for volunteers to help with  
it, so if you want a document that exactly meets your needs ... Please  
join us!

Thanks,
Andrew

On Nov 12, 2008, at 19:21, "Pete Werner" <peter.werner at gmail.com> wrote:

Hi all

I've been tasked with developing a secure coding standard for my
employer. This will be a policy tool used to get developers to fix
issues in their code after an audit, and also hopefully be of use to
developers as they work to ensure they are compliant. The kicker is it
needs to cover things ranging from COBOL running on a mainframe, in-house
network monitoring software in C and Perl through to web and
desktop applications in Java or .NET.

I've been doing some searching to see if there is anything similar
online, but everything I've found is mostly focussed on web
applications or language/platform specific. Does anyone know of
something that may be what I'm looking for?

It's basically going to be a checklist where every item will be
something that can be audited, and the things that aren't relevant to
a given application can be ignored. The broad sections I have so far
are:

Input/Output handling
Session Control and Management
Memory allocation and Management
Authentication Management
Authorisation Management
Data Protection
Logging and Auditing
Application Errors and Exceptions

Thanks in advance
Pete
_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________

