Secure Coding mailing list archives

Language agnostic secure coding guidelines/standards?


From: gem at cigital.com (Gary McGraw)
Date: Wed, 19 Nov 2008 16:00:06 -0500

badness-ometer-pedia!  most excellent descriptive phrase.  You guys should change the official name!

Incidentally, one of the best uses data like these can be put to is training.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com


On 11/17/08 4:49 PM, "Steven M. Christey" <coley at linus.mitre.org> wrote:
The CWE Research view (CWE-1000) is language-neutral at its higher-level
nodes, and decomposes in some areas into language-specific constructs.
Early experience suggests that this view is not necessarily
developer-friendly, however, because it's not organized around the types
of concepts that developers typically think in.

http://cwe.mitre.org/data/definitions/1000.html

(click the Graph tab on the top right of the page to see the breakdown)

Obviously the CWE is a badness-ometer-pedia but suggests some areas that
your guidelines would hopefully address.

- Steve
_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________