Secure Coding mailing list archives
informIT: BSIMM versus SAFECode
From: Gary McGraw <gem () cigital com>
Date: Thu, 29 Dec 2011 10:32:47 -0500
Let's try that again, this time with the proper email address…

From: gem <gem () cigital com>
Date: Tue, 27 Dec 2011 16:32:56 -0500
To: "sc-l-bounces () securecoding org" <sc-l-bounces () securecoding org>

hi sc-l,

How about a little software security controversy for the tweener holiday week?

On the last day of the BSIMM Conference in November, SAFECode unveiled a paper about the SAFECode Practices and their relationship to the BSIMM. Sammy and I don't think the SAFECode guys got everything right in their work. In fact, they misconstrue the BSIMM as a software security methodology (which it is not) focused on compliance (which it definitely is not), so we wrote an article in response:

BSIMM versus SAFECode and Other Kaiju Cinema <http://www.informit.com/articles/article.aspx?p=1824250> (12/26/11)

Hope you enjoy it between parties!

Happy New Year to you all and special shouts out to Ken for running this list! Thanks Ken.

Now back to your regularly scheduled holiday.

gem

P.S. The entire collection of informIT columns written over the last five years can be found here: http://www.cigital.com/~gem/writings/

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
Current thread:
- informIT: BSIMM versus SAFECode Gary McGraw (Dec 31)