Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Comparing Scanning Tools

From: dave.wichers at aspectsecurity.com (Dave Wichers)
Date: Fri, 9 Jun 2006 13:41:26 -0400
The OWASP Legal project took a crack at this:
http://www.owasp.org/index.php/Category:OWASP_Legal_Project

 

This project developed a strawman Secure Software Development Contract annex
which is available at:
http://www.owasp.org/index.php/OWASP_Secure_Software_Contract_Annex

 

This project is led by Jeff Williams of Aspect Security.

 

-Dave

 

Dave Wichers

COO, Aspect Security

 

  _____  

From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org]
On Behalf Of McGovern, James F (HTSC, IT)
Sent: Friday, June 09, 2006 12:10 PM
To: Secure Mailing List
Subject: RE: [SC-L] RE: Comparing Scanning Tools

 

I think I should have been more specific in my first post. I should have
phrased it as I have yet to find a large enterprise whose primary business
isn't software or technology that has made a significant investment in such
tools.

 

Likewise, a lot of large enteprrises are shifting away from building inhouse
to either outsourcing and/or buying which means that secure coding practices
should also be enforced via procurement agreements. Has anyone here ran
across contract clauses that assist in this regard?

-----Original Message-----
From: Gunnar Peterson [mailto:gunnar at arctecgroup.net]
Sent: Friday, June 09, 2006 8:48 AM
To: Brian Chess; Secure Mailing List; McGovern, James F (HTSC, IT)
Subject: Re: [SC-L] RE: Comparing Scanning Tools

Right, because their customers (are starting to) demand more secure code
from their technology. In the enterprise space the financial, insurance,
healthcare companies who routinely lose their customer's data and provide
their customers with vulnerability-laden apps have not yet seen the same
amount of customer demand for this, but 84 million public lost records later
( http://www.privacyrights.org/ar/ChronDataBreaches.htm) this may begin to
change.

-gp


On 6/9/06 1:45 AM, "Brian Chess" <brian at fortifysoftware.com> wrote:

McGovern, James F wrote:


I have yet to find a large enterprise that has made a significant

investment in such tools. 

I'll give you pointers to two.  They're two of the three largest software
companies in the world.

http://news.com.com/2100-1002_3-5220488.html
http://news.zdnet.com/2100-3513_22-6002747.html

Brian


  _____  


_______________________________________________
Secure Coding mailing list (SC-L)
SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php

 



*************************************************************************
This communication, including attachments, is
for the exclusive use of addressee and may contain proprietary,
confidential and/or privileged information. If you are not the intended
recipient, any use, copying, disclosure, dissemination or distribution is
strictly prohibited. If you are not the intended recipient, please notify
the sender immediately by return e-mail, delete this communication and
destroy all copies.
*************************************************************************

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://krvw.com/pipermail/sc-l/attachments/20060609/06fb53f3/attachment.html
Previous By Date Next
Previous By Thread Next

Current thread: