Secure Coding mailing list archives

Software Security Training for Developers


From: c.mccown at intel.com (McCown, Christian M)
Date: Thu, 16 Aug 2007 16:23:29 -0700


What are folks' experiences with software security training for
developers?  By this, I'm referring to teaching developers how to write
secure code.  Ex. things like how to actually code input validation
routines, what "evil" functions and libraries to avoid, how to handle
exceptions without divulging too much info, etc.  Not "how to hack
applications".  There are quality courses and training that show you how
to break into apps--which are great, but my concern is that if you are a
developer (vs. a security analyst, QA type, pen-tester, etc.), even when
you know what could happen, unless you've been specifically taught how
to implement these concepts in your language/platform of choice (ASP
.NET, C#, Java, etc.), you're not getting the most bang for the buck
from them.


What vendors teach it?
How much does it cost?
Actual impact realized?

Tx

____
Chris McCown, GSEC(Gold)
Intel Corporation
* (916) 377-9428 | * c.mccown at intel.com
