Secure Coding mailing list archives
(fwd) informIT: A Software Security Framework
From: James.McGovern at thehartford.com (McGovern, James F (HTSC, IT))
Date: Wed, 15 Oct 2008 13:58:32 -0400
The framework that Pravir put together is pretty good. Brian and I did have a conversation awhile back regarding donating it to OWASP for continuation. I plan on making our firm one of the public case studies once they contribute.

-----Original Message-----
From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org] On Behalf Of Kenneth Van Wyk
Sent: Wednesday, October 15, 2008 8:32 AM
To: Secure Coding
Subject: [SC-L] (fwd) informIT: A Software Security Framework

[Posted on behalf of Gary McGraw, who is without comms right now but wanted this to go out today. KRvW]

hi sc-l,

Brian Chess and I have been working hard on a software security framework that we are using in a scientific study of many of the top software security initiatives. Our plan of action is to interview the people running the top ten large-scale software security initiatives over the next few weeks and then build a maturity model with the resulting data. That's right, we're actually using real data from real software security programs.

Brian and I co-authored my informIT column this month, which just so happens to be about the software security framework. Please check it out, we're interested to know what you think!

http://www.informit.com/articles/article.aspx?p=1271382

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com