Secure Coding mailing list archives

top 10 software security surprises


From: gem at cigital.com (Gary McGraw)
Date: Tue, 16 Dec 2008 13:25:03 -0500

hi sc-l,

Using the software security framework introduced in October (A Software Security Framework: Working Towards a Realistic 
Maturity Model <http://www.informit.com/articles/article.aspx?p=1271382>), we interviewed nine executives running top 
software security programs in order to gather real data from real programs. Our goal is to create a maturity model 
based on these data, and we're busy working on that (stay tuned here for more). However, in the course of analyzing the 
data we gathered, we unearthed some surprises that we share in this month's informIT article:

http://www.informit.com/articles/article.aspx?p=1315431

My bet is that some of the findings will come as a surprise to sc-l readers as well.  Check the article out.

Merry New Year to you all.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com


