Secure Coding mailing list archives
RE: Comparing Scanning Tools
From: dave.wichers at aspectsecurity.com (Dave Wichers)
Date: Fri, 9 Jun 2006 13:41:26 -0400
The OWASP Legal project took a crack at this:

http://www.owasp.org/index.php/Category:OWASP_Legal_Project

This project developed a strawman Secure Software Development Contract annex which is available at:

http://www.owasp.org/index.php/OWASP_Secure_Software_Contract_Annex

This project is led by Jeff Williams of Aspect Security.

-Dave

Dave Wichers
COO, Aspect Security

_____

From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org] On Behalf Of McGovern, James F (HTSC, IT)
Sent: Friday, June 09, 2006 12:10 PM
To: Secure Mailing List
Subject: RE: [SC-L] RE: Comparing Scanning Tools

I think I should have been more specific in my first post. I should have phrased it as I have yet to find a large enterprise whose primary business isn't software or technology that has made a significant investment in such tools.

Likewise, a lot of large enterprises are shifting away from building in-house to either outsourcing and/or buying, which means that secure coding practices should also be enforced via procurement agreements. Has anyone here run across contract clauses that assist in this regard?

-----Original Message-----
From: Gunnar Peterson [mailto:gunnar at arctecgroup.net]
Sent: Friday, June 09, 2006 8:48 AM
To: Brian Chess; Secure Mailing List; McGovern, James F (HTSC, IT)
Subject: Re: [SC-L] RE: Comparing Scanning Tools

Right, because their customers (are starting to) demand more secure code from their technology. In the enterprise space the financial, insurance, healthcare companies who routinely lose their customers' data and provide their customers with vulnerability-laden apps have not yet seen the same amount of customer demand for this, but 84 million public lost records later (http://www.privacyrights.org/ar/ChronDataBreaches.htm) this may begin to change.

-gp

On 6/9/06 1:45 AM, "Brian Chess" <brian at fortifysoftware.com> wrote:

McGovern, James F wrote:
> I have yet to find a large enterprise that has made a significant
> investment in such tools.

I'll give you pointers to two. They're two of the three largest software companies in the world.

http://news.com.com/2100-1002_3-5220488.html
http://news.zdnet.com/2100-3513_22-6002747.html

Brian