Secure Coding mailing list archives

Darkreading: Secure Coding Certification


From: gem at cigital.com (Gary McGraw)
Date: Wed, 16 May 2007 16:25:56 -0400

Hi all,

I like this idea. There is plenty of non-code material to master in our field. I think a bunch of it is covered in
detail in "Software Security"...but I am biased.

I would like to see coverage of common attack patterns, coverage of risk analysis basics, and coverage of both positive 
and negative design patterns.

gem

P.S. I plan to respond soon to previous posts. Too much time on airplanes lately.

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com



Sent from my treo.

 -----Original Message-----
From:   McGovern, James F (HTSC, IT) [mailto:James.McGovern at thehartford.com]
Sent:   Wednesday, May 16, 2007 03:08 PM Eastern Standard Time
To:     SC-L at securecoding.org
Subject:        [SC-L] Darkreading: Secure Coding Certification

Maybe the test shouldn't focus on code at all? If we can agree that many flaws are found at design time even before 
code is written (Yes, most folks still use waterfall approaches but that is a different debate) then why can't 
questions occur at this level?

If we follow the trend of IT at large, we would understand that lots of "coding" is going outside of the United States 
but architecture and design for the most part is still onshore, it has the potential for a bigger impact, access to 
more capital and therefore should come first.




_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________


