Secure Coding mailing list archives

SANS Institute - CWE/SANS TOP 25 Most Dangerous Programming Errors


From: stephen at twisteddelight.org (Stephen de Vries)
Date: Wed, 14 Jan 2009 23:18:56 +0100


On Jan 14, 2009, at 8:45 PM, Steven M. Christey wrote:

> To all, I'll ask a more strategic question - assuming we're agreed that
> the Top 25 is a non-optimal means to an end, what can the software
> security community do better to raise awareness and see real-world change?

From a Web Security point of view, have a look at the OWASP ASVS project:
http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project

Abstract:
"Whereas the OWASP Top Ten is a tool that provides web application
security awareness, the OWASP Application Security Verification
Standard (ASVS) is a commercially-workable open standard that defines
ranges in coverage and levels of rigor that can be used to perform
application security verifications
...
The primary aim of the OWASP ASVS Project is to normalize the range in
the coverage and level of rigor available in the market when it comes
to performing application security verification using a
commercially-workable open standard. This standard can be used to
establish a level of confidence in the security of web applications."


regards,
Stephen


