Secure Coding mailing list archives

Language agnostic secure coding guidelines/standards?


From: coley at linus.mitre.org (Steven M. Christey)
Date: Mon, 17 Nov 2008 16:49:56 -0500 (EST)


The CWE Research view (CWE-1000) is language-neutral at its higher-level
nodes, and decomposes in some areas into language-specific constructs.
Early experience suggests that this view is not necessarily
developer-friendly, however, because it's not organized around the types
of concepts that developers typically think in.

http://cwe.mitre.org/data/definitions/1000.html

(click the Graph tab on the top right of the page to see the breakdown)

Obviously the CWE is a badness-ometer-pedia but suggests some areas that
your guidelines would hopefully address.

- Steve

