Secure Coding mailing list archives

informIT: BSIMM versus SAFECode


From: Gary McGraw <gem () cigital com>
Date: Thu, 29 Dec 2011 10:32:47 -0500

Let's try that again, this time with the proper email address…

From: gem <gem () cigital com>
Date: Tue, 27 Dec 2011 16:32:56 -0500
To: "sc-l-bounces () securecoding org" <sc-l-bounces () securecoding org>

hi sc-l,

How about a little software security controversy for the tweener holiday week?

On the last day of the BSIMM Conference in November, SAFECode unveiled a paper about the SAFECode Practices and their 
relationship to the BSIMM.   Sammy and I don't think the SAFECode guys got everything right in their work.  In fact, 
they misconstrue the BSIMM as a software security methodology (which it is not) focused on compliance (which it 
definitely is not), so we wrote an article in response:

BSIMM versus SAFECode and Other Kaiju Cinema <http://www.informit.com/articles/article.aspx?p=1824250> (12/26/11)

Hope you enjoy it between parties!  Happy New Year to you all and special shouts out to Ken for running this list!  
Thanks Ken.

Now back to your regularly scheduled holiday.

gem

P.S. The entire collection of informIT columns written over the last five years can be found here:  
http://www.cigital.com/~gem/writings/


_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

