Secure Coding mailing list archives

Microsoft Pushes Secure, Quality Code

From: coley at linus.mitre.org (Steven M. Christey)
Date: Mon, 8 Oct 2007 13:14:53 -0400 (EDT)


Interesting that attack surface isn't included, given that Microsoft was
one of the earliest advocates of attack surface, a metric that is likely
strongly associated with the number of input-related vulnerabilities.
It's probably hard to do perfectly, though, especially if any third-party
APIs are involved.

Are there any tools out there that try to measure attack surface?  Has
anybody had any experience in trying to apply it?

- Steve

Current thread:

Microsoft Pushes Secure, Quality Code Kenneth Van Wyk (Oct 06)
- Microsoft Pushes Secure, Quality Code Steven M. Christey (Oct 08)
  - Microsoft Pushes Secure, Quality Code Gary McGraw (Oct 08)
    - Microsoft Pushes Secure, Quality Code Steven M. Christey (Oct 08)
  - Microsoft Pushes Secure, Quality Code J.M. Seitz (Oct 08)
  - Microsoft Pushes Secure, Quality Code Romain Gaucher (Oct 09)
    - Mainframe Security McGovern, James F (HTSC, IT) (Nov 01)
    - Mainframe Security Johan Peeters (Nov 01)
    - Mainframe Security Kenneth Van Wyk (Nov 01)
    - Mainframe Security ljknews (Nov 01)
    - Mainframe Security Paul Powenski (Nov 01)
    - Mainframe Security Johan Peeters (Nov 02)

(Thread continues...)