Secure Coding mailing list archives

Software Security Training for Developers


From: James.McGovern at thehartford.com (McGovern, James F (HTSC, IT))
Date: Tue, 28 Aug 2007 10:21:47 -0400

One of the things that is somewhat frustrating, as a customer of training
and software vendors, is statements such as "some general policy and
guidelines" without any pointers to what they should specifically
contain. Public URLs are greatly appreciated.


________________________________

From: sc-l-bounces at securecoding.org
[mailto:sc-l-bounces at securecoding.org] On Behalf Of Nish Bhalla
Sent: Thursday, August 16, 2007 11:21 PM
To: 'McCown, Christian M'
Cc: sc-l at securecoding.org
Subject: Re: [SC-L] Software Security Training for Developers



Hi Chris,

We at Security Compass have been doing that for developers for about 2
years now. We have done this type of training and also the training from
the pen tester angle. 

Some of the things that we have seen make this training much more
effective are:

[] If the direction for the training and security initiative is coming
in from the top rather than just from one manager (not to say that
having it from one manager doesn't help)

[] If there are some general policy and guidelines for building secure
software

[] If there are general guidelines for building a secure architecture

[] If there are thought processes in place for updating the existing SDLC
with security in mind, to improve the overall direction of the company
towards a more secure application development practice

[] Finally, if the training is developed around these kinds of practices
and customized to your specific environment.

We also think providing different kinds of training for different levels
of people is important, i.e. a training for managers, a training for
architects, a training for QA/security professionals and finally a
training for developers. Each has a specific goal in mind and speaks, so
to speak, the individual language of each group.

Hope this helps. If you would like to chat more, just email me.

Nish.
