Wireshark mailing list archives
Re: Con Edison - Top25 Software Errors - Assessment
From: Gerald Combs <gerald () wireshark org>
Date: Fri, 09 Sep 2011 09:01:25 -0700
Carlos,

Many items on the list don't apply to Wireshark. For example, we don't use SQL queries (item 1) and Wireshark isn't a web-based application (items 4, 12, 22). For the items that do apply we use the following methods to detect and mitigate errors:

Review. We ask that contributors submit code via an enhancement request on our bug tracker where it can be reviewed before being added to the source code repository.

Documentation and training. We address some of the issues in the CWE in our developer documentation and in our introductory development class at Sharkfest (the Wireshark user and developer conference).

Continuous Integration. As part of our automated build system we run API tests (including the detection of insecure functions), unit tests, and fuzz tests.

Privilege separation. Packet capture (which requires elevated privileges on many platforms) is handled by a separate process, dumpcap.

On 9/8/11 3:41 PM, Walton, Carlos wrote:
Good day,

Can I possibly get a response before close of business tomorrow.

From: Walton, Carlos
Sent: Wednesday, August 24, 2011 10:37 AM
To: wireshark-dev () wireshark org
Cc: Walton, Carlos
Subject: Con Edison - Top25 Software Errors - Assessment

Wireshark University has been identified as a provider of software that is in use or is being evaluated for use in Con Edison. Con Edison is committed to having a strong cyber security program, which includes vulnerability management. The SANS Institute has recently published an updated list of the Top 25 Most Dangerous Software Errors that can lead to serious vulnerabilities in software. To help us maintain our current security posture, please respond how you are addressing the most common weaknesses identified in the publication, during and after the development lifecycle of your software. Please specifically address each one of the Top 25 in the attached document.

Carlos Walton | Environmental Engineering & Program Support | 212.460.6485

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
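The reply above mentions an automated API check that flags insecure functions as part of the build. The following is an added illustration of what such a check does, written for this page; it is not Wireshark's own tooling and is not code from the thread. The banned-function table, the suggested replacements, and the sample C file are constructed for the example. The scanner blanks out comments and string literals before matching, so a mention of strcpy in a comment or a format string inside a literal does not trigger a false positive, and it requires the name to be followed by an opening parenthesis so identifiers like my_strcpy or strcpy_len are ignored.

```python
"""Added example: a CI-style scan of C source for banned libc calls.

Not Wireshark's own check. BANNED and SAMPLE_C are constructed here.
Maps roughly onto CWE-120 (unbounded copy) and CWE-134 (format string)
from the Top 25 list discussed on this page.
"""
import re
import sys

# Constructed banned list with the replacement a reviewer would ask for.
BANNED = {
    "strcpy": "g_strlcpy / snprintf with an explicit size",
    "strcat": "g_strlcat",
    "sprintf": "snprintf / g_snprintf",
    "vsprintf": "vsnprintf",
    "gets": "fgets",
}

# Name must be followed by '(' and must not be the tail of a longer
# identifier or a struct member access (foo.strcpy, p->strcpy).
_CALL_RE = re.compile(
    r"(?<![A-Za-z0-9_.>])(" + "|".join(map(re.escape, BANNED)) + r")\s*\("
)


def _strip(line, in_block):
    """Blank out comments and string/char literals on one line.

    Returns (cleaned_line, in_block_comment_at_end_of_line)."""
    out = []
    i, n = 0, len(line)
    while i < n:
        if in_block:
            end = line.find("*/", i)
            if end == -1:
                return "".join(out), True
            i, in_block = end + 2, False
            continue
        c = line[i]
        if line.startswith("/*", i):
            in_block, i = True, i + 2
        elif line.startswith("//", i):
            break
        elif c in "\"'":
            quote, i = c, i + 1
            while i < n and line[i] != quote:
                i += 2 if line[i] == "\\" else 1  # honour backslash escapes
            i += 1
            out.append('""')  # placeholder keeps call syntax intact
        else:
            out.append(c)
            i += 1
    return "".join(out), in_block


def find_banned_calls(source):
    """Return [(lineno, function, suggested_replacement)] for each hit."""
    hits, in_block = [], False
    for lineno, raw in enumerate(source.splitlines(), 1):
        cleaned, in_block = _strip(raw, in_block)
        for m in _CALL_RE.finditer(cleaned):
            hits.append((lineno, m.group(1), BANNED[m.group(1)]))
    return hits


# Constructed sample input exercising the false-positive cases.
SAMPLE_C = r"""
#include <stdio.h>
#include <string.h>

/* strcpy(dst, src) mentioned in a comment must not count */
static void copy_name(char *dst, size_t dstlen, const char *src) {
    strncpy(dst, src, dstlen - 1);   /* not banned: bounded */
    dst[dstlen - 1] = '\0';
}

int main(void) {
    char buf[16];
    const char *msg = "sprintf(buf, \"%s\")";  // inside a string literal
    sprintf(buf, "%s", msg);                  // banned
    strcat(buf, "!");                          // banned
    my_strcpy(buf, msg);                      // prefix: not a match
    return 0;
}
""".lstrip("\n")


def main(argv):
    """Scan files given on the command line (or SAMPLE_C); exit 1 on hits."""
    sources = [(p, open(p).read()) for p in argv[1:]] or [("sample.c", SAMPLE_C)]
    total = 0
    for path, src in sources:
        for lineno, fn, hint in find_banned_calls(src):
            print(f"{path}:{lineno}: banned call {fn}(); use {hint}")
            total += 1
    return 1 if total else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run with no arguments it scans the embedded sample and reports lines 13 and 14 only; pass one or more C files to scan them instead, with a non-zero exit status so a build job fails when a banned call appears.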
Current thread:
- Re: Con Edison - Top25 Software Errors - Assessment Walton, Carlos (Sep 09)
- Re: Con Edison - Top25 Software Errors - Assessment Anders Broman (Sep 09)
- Re: Con Edison - Top25 Software Errors - Assessment Gerald Combs (Sep 09)