Wireshark mailing list archives

Re: Con Edison - Top25 Software Errors - Assessment


From: Gerald Combs <gerald () wireshark org>
Date: Fri, 09 Sep 2011 09:01:25 -0700

Carlos,

Many items on the list don't apply to Wireshark. For example, we don't
use SQL queries (item 1) and Wireshark isn't a web-based application
(items 4, 12, 22).

For the items that do apply we use the following methods to detect and
mitigate errors:

Review. We ask that contributors submit code via an enhancement request
on our bug tracker where it can be reviewed before being added to the
source code repository.

Documentation and training. We address some of the issues in the CWE in
our developer documentation and in our introductory development class at
Sharkfest (the Wireshark user and developer conference).

Continuous Integration. As part of our automated build system we run API
tests (including the detection of insecure functions), unit tests, and
fuzz tests.

Privilege separation. Packet capture (which requires elevated privileges
on many platforms) is handled by a separate process, dumpcap.


On 9/8/11 3:41 PM, Walton, Carlos wrote:
Good day,

Can I possibly get a response before close of business tomorrow?

*From:* Walton, Carlos
*Sent:* Wednesday, August 24, 2011 10:37 AM
*To:* wireshark-dev () wireshark org
*Cc:* Walton, Carlos
*Subject:* Con Edison - Top25 Software Errors - Assessment

*Wireshark University* has been identified as a provider of software
that is in use or is being evaluated for use in Con Edison.

Con Edison is committed to having a strong cyber security program, which
includes vulnerability management.

The SANS Institute has recently published an updated list of the Top 25
Most Dangerous Software Errors that can lead to serious vulnerabilities
in software.

To help us maintain our current security posture, please respond with how you
are addressing the most common weaknesses identified in the
publication, during and after the development lifecycle of your software.

Please specifically address each one of the Top 25 in the attached
document.

*Carlos Walton* | Environmental Engineering & Program
Support | 212.460.6485

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
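Gerald's reply mentions API tests that detect insecure functions as one step of the project's continuous integration. The script below is an added example, written for this page and not Wireshark's own checkAPIs tool or any code from the thread, of how such a check works: it blanks out comments and string literals in a C source file, then flags calls to a denylist of unbounded string and format functions and names the bounded alternative a reviewer would ask for. The denylist, the suggested replacements and the sample C source are constructed for the illustration.

```python
"""Insecure-API detector of the kind a CI step runs over C sources.

Added example (assumed denylist and sample input); it is not the
Wireshark project's checkAPIs tool.
"""
import re
import sys

# Unbounded or unchecked C library calls, with the alternative a reviewer
# would request. This list is an assumption for the example.
INSECURE_APIS = {
    "gets":     "fgets with an explicit buffer size",
    "strcpy":   "a length-bounded copy such as g_strlcpy or snprintf",
    "strcat":   "a length-bounded append such as g_strlcat",
    "sprintf":  "snprintf or g_snprintf with the destination size",
    "vsprintf": "vsnprintf",
    "strtok":   "strtok_r (re-entrant)",
    "tmpnam":   "mkstemp",
}

# An identifier from the denylist at a word boundary, followed by '('.
# The word boundary keeps vsprintf from matching as sprintf and g_strlcpy
# from matching as strcpy.
_CALL_RE = re.compile(r"\b(" + "|".join(INSECURE_APIS) + r")\s*\(")


def _blank(text: str) -> str:
    """Replace text with spaces but keep newlines so line numbers survive."""
    return "".join(c if c == "\n" else " " for c in text)


def strip_comments_and_strings(src: str) -> str:
    """Blank out // and /* */ comments and string/char literals, so that a
    function name that merely appears in a comment or message is not flagged."""
    out = []
    i, n = 0, len(src)
    while i < n:
        if src.startswith("//", i):
            j = src.find("\n", i)
            i = n if j == -1 else j          # keep the newline itself
        elif src.startswith("/*", i):
            j = src.find("*/", i + 2)
            j = n if j == -1 else j + 2
            out.append(_blank(src[i:j]))
            i = j
        elif src[i] in "\"'":
            quote = src[i]
            j = i + 1
            while j < n and src[j] != quote:
                j += 2 if src[j] == "\\" else 1   # skip escaped characters
            j = min(j + 1, n)
            out.append(_blank(src[i:j]))
            i = j
        else:
            out.append(src[i])
            i += 1
    return "".join(out)


def find_insecure_calls(src: str):
    """Return [(line_number, function, suggestion)] for each flagged call."""
    findings = []
    cleaned = strip_comments_and_strings(src)
    for lineno, line in enumerate(cleaned.splitlines(), 1):
        for m in _CALL_RE.finditer(line):
            name = m.group(1)
            findings.append((lineno, name, INSECURE_APIS[name]))
    return findings


# Constructed sample source; not taken from any real project.
SAMPLE_C = """\
#include <string.h>
#include <stdio.h>

/* A comment mentioning strcpy() must not be flagged. */
static void build_name(char *dst, size_t dstlen, const char *src)
{
    strcpy(dst, src);                           /* flagged */
    g_strlcpy(dst, src, dstlen);                /* bounded copy: fine */
    snprintf(dst, dstlen, "strcat(%s)", src);   /* name in a string: fine */
    sprintf(dst, "%s", src);                    /* flagged */
    // gets() in a line comment must not be flagged either
    char *tok = strtok(dst, ",");               /* flagged */
}
"""

if __name__ == "__main__":
    # Like a CI check: report each finding and fail the build if any exist.
    hits = find_insecure_calls(SAMPLE_C)
    for lineno, name, suggestion in hits:
        print(f"line {lineno}: {name}() is unbounded; use {suggestion}")
    sys.exit(1 if hits else 0)
```

Run against the embedded sample, the check reports the strcpy, sprintf and strtok calls on lines 7, 10 and 12 and exits non-zero, while the same names inside the comment and the format string are ignored. In a real pipeline the script would walk the source tree instead of a fixed string; the comment and literal stripping is what keeps such a check from drowning reviewers in false positives.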
