Secure Coding mailing list archives
Language agnostic secure coding guidelines/standards?
From: coley at linus.mitre.org (Steven M. Christey)
Date: Mon, 17 Nov 2008 16:49:56 -0500 (EST)
The CWE Research view (CWE-1000) is language-neutral at its higher-level nodes, and decomposes in some areas into language-specific constructs. Early experience suggests that this view is not necessarily developer-friendly, however, because it's not organized around the types of concepts that developers typically think in. http://cwe.mitre.org/data/definitions/1000.html (click the Graph tab on the top right of the page to see the breakdown) Obviously the CWE is a badness-ometer-pedia but suggests some areas that your guidelines would hopefully address. - Steve
Current thread:
- Language agnostic secure coding guidelines/standards? Pete Werner (Nov 12)
- Language agnostic secure coding guidelines/standards? AF (Nov 13)
- Language agnostic secure coding guidelines/standards? McGovern, James F (HTSC, IT) (Nov 13)
- Language agnostic secure coding guidelines/standards? Andrew van der Stock (Nov 13)
- Language agnostic secure coding guidelines/standards? John Steven (Nov 13)
- Language agnostic secure coding guidelines/standards? Steven M. Christey (Nov 17)
- Language agnostic secure coding guidelines/standards? Gary McGraw (Nov 19)
- Language agnostic secure coding guidelines/standards? Pete Werner (Nov 20)
- Language agnostic secure coding guidelines/standards? Dave Wichers (Nov 21)
- <Possible follow-ups>
- Language agnostic secure coding guidelines/standards? David A. Wheeler (Nov 14)