Secure Coding mailing list archives
Reality Check: EMC Eric Baize
From: gem at cigital.com (Gary McGraw)
Date: Tue, 3 Mar 2009 04:47:44 -0500
The BSIMM data are coming soon to a website near you. Stay tuned to sc-l for an early look. In the meantime here are the three articles that set the stage, with another under way as you read this email: A Software Security Framework: Working Towards a Realistic Maturity Model (October 15, 2008) http://www.informit.com/articles/article.aspx?p=1271382 Software Security Top 10 Surprises (December 15, 2008) http://www.informit.com/articles/article.aspx?p=1315431 Nine Things Everybody Does: Software Security Activities from the BSIMM (February 9, 2009) http://www.informit.com/articles/article.aspx?p=1326511 gem company www.cigital.com podcast www.cigital.com/silverbullet podcast www.cigital.com/realitycheck blog www.cigital.com/justiceleague book www.swsec.com On 3/3/09 10:25 AM, "Kenneth van Wyk" <Ken at KRvW.com> wrote: On Mar 3, 2009, at 10:11 AM, Gary McGraw wrote:
Our fearless leader Ken gave a nice presentation on software security methodologies yesterday at secappdev. I wonder what he says about the Touchpoints when I'm not in the room?!
Thanks for the kind words. What I say about the Touchpoints, Microsoft's SDL, or OWASP's CLASP remains the same whether you're in the room or not. They all offer good points and bad points. I tend to favor a hybrid approach that works well for me, which is what I always recommend to my customers. More importantly, though, I am eager to update the message with what the companies who participated in the BSIMM are actually doing in practice. Cheers, Ken ----- Kenneth R. van Wyk KRvW Associates, LLC http://www.KRvW.com
Current thread:
- Reality Check: EMC Eric Baize Gary McGraw (Mar 03)
- Reality Check: EMC Eric Baize Kenneth Van Wyk (Mar 03)
- Reality Check: EMC Eric Baize Gary McGraw (Mar 03)
- Reality Check: EMC Eric Baize Kenneth Van Wyk (Mar 03)