Secure Coding mailing list archives
IT industry creates secure coding advocacy group
From: James.McGovern at thehartford.com (McGovern, James F (HTSC, IT))
Date: Thu, 1 Nov 2007 09:49:54 -0400
I publicly support Gunnar's assertion that folks in large enterprises need to get together as a collective to drive secure coding practices. If you know of others, please do not hesitate to have them connect to me via LinkedIn (I am bad with managing contact information) and I will most certainly take the lead... -----Original Message----- From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org] On Behalf Of Gunnar Peterson Sent: Tuesday, October 23, 2007 3:08 PM To: Kenneth van Wyk; Secure Mailing List Subject: Re: [SC-L] IT industry creates secure coding advocacy group Hi Ken, I thought the driving force was your book, after all they named their initiative after it. Anyhow, I'll reiterate here what I blogged: It would be very interesting to see an equivalent initiative from the customer side (who are the lucky recipients who have to pay for all the security vulns created by the above). I know as a consultant there are many large companies struggling with similar secure coding issues exacerbated by outsourcing to some degree, and a lot could be gained by a shared effort. The analyst community like the vendors has more or less Fortune 500s out in the dark, so this may be an area where a half dozen or so motivated security architects and CISOs at Fortune 500s could band together to create a group to help drive change. None of the other big players (analysts, vendors, big consulting firms) seem to be doing it. Why not bootstrap a Fortune 500 Secure Coding Initiative to drive better products, services and share best practices in the software security space? -gp On 10/23/07 1:55 PM, "Kenneth Van Wyk" <ken at krvw.com> wrote:
Saw this story via Gunnar's blog (thanks!): http://www.gcn.com/online/vol1_no1/45286-1.html Any thoughts on new group, which is calling itself SAFEcode? Anyone here involved in its formation and care to share with us what's the driving force behind it? Cheers, Ken ----- Kenneth R. van Wyk SC-L Moderator KRvW Associates, LLC http://www.KRvW.com _______________________________________________ Secure Coding mailing list (SC-L) SC-L at securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the
software security community.
_______________________________________________
On 10/23/07 1:55 PM, "Kenneth Van Wyk" <ken at krvw.com> wrote:
Saw this story via Gunnar's blog (thanks!): http://www.gcn.com/online/vol1_no1/45286-1.html Any thoughts on new group, which is calling itself SAFEcode? Anyone here involved in its formation and care to share with us what's the driving force behind it? Cheers, Ken ----- Kenneth R. van Wyk SC-L Moderator KRvW Associates, LLC http://www.KRvW.com _______________________________________________ Secure Coding mailing list (SC-L) SC-L at securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the
software security community.
_______________________________________________
-- Gunnar Peterson, Managing Principal, Arctec Group http://www.arctecgroup.net Blog: http://1raindrop.typepad.com _______________________________________________ Secure Coding mailing list (SC-L) SC-L at securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________ ************************************************************************* This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. *************************************************************************
Current thread:
- IT industry creates secure coding advocacy group Kenneth Van Wyk (Oct 23)
- IT industry creates secure coding advocacy group Gunnar Peterson (Oct 23)
- IT industry creates secure coding advocacy group McGovern, James F (HTSC, IT) (Nov 01)
- IT industry creates secure coding advocacy group Gunnar Peterson (Oct 23)