Secure Coding mailing list archives

heise Security - News - Security specialist leaves PHP security team


From: dinis at ddplus.net (Dinis Cruz)
Date: Fri, 15 Dec 2006 00:27:56 +0000

This is a very good example of the security problems that Open Source
projects have.

Open Source projects need to have strong Secure Development Lifecycles for
their software. And here they could do worse than learn from Microsoft's
efforts.

One of the projects that I really want to do at the OWASP is an SDL project
which should be used on OWASP projects (39 at last count (
http://www.owasp.org/index.php/Category:OWASP_Project)) in order to ensure
that OWASP tools are as secure as they can be.

We need to make our software more secure and trustworthy and a solid SDL is
a good (first) step. Eventually we will need to move to the Sandboxing
model, but I won't start the thread again :)

Dinis Cruz
Chief OWASP Evangelist
http://www.owasp.org

On 12/14/06, Kenneth Van Wyk <Ken at krvw.com> wrote:

I guess this falls into the "you can lead a horse to water, but you can't
make him drink" category:

http://www.heise-security.co.uk/news/82500
A member of the PHP security team has left in apparent disgust over the
team's security practices.
I doubt that anyone here on SC-L is surprised by the article, but PHP
remains quite popular, and it seems sad to see it losing some vital and
much-needed security support.

Well, there's always AJAX, I suppose.  ;-\

Cheers,

Ken

P.S. Hey, SC-L is 3 years old this month!
-----
Kenneth R. van Wyk
SC-L Moderator
KRvW Associates, LLC
http://www.KRvW.com





_______________________________________________
Secure Coding mailing list (SC-L)
SC-L at securecoding.org

List information, subscriptions, etc -
http://krvw.com/mailman/listinfo/sc-l

List charter available at - http://www.securecoding.org/list/charter.php

SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________





