Secure Coding mailing list archives

Software process improvement produces secure software?


From: gwc at acm.org (George Capehart)
Date: Thu, 09 Aug 2007 20:04:32 -0400

Kenneth Van Wyk wrote:

> On Aug 7, 2007, at 7:01 AM, Francisco Nunes wrote:
>> During our conversation, I asked Mr. Hayes a question
>> similar to this: "Is it possible that only
>> software development process improvements can produce
>> secure software?"
>>
>> The scenario was only based on CMMI without security
>> interference.
>
> All that follows is IMHO, of course...  I would have to agree with you,
> Francisco, that process improvements "without security interference" are
> unlikely to produce significant changes in the security of the software
> produced.
>
> <snip rest of discussion>

Hola all,

Was waiting to see if anyone threw out the SSE-CMM (System Security
Engineering Capability Maturity Model).  Though it's directed at the
whole SDLC and not just the software development process, IMHO it's good
to have in one's back pocket when planning it . . .

Cheers,

/g
