Secure Coding mailing list archives
SANS Institute - CWE/SANS TOP 25 Most Dangerous Programming Errors
From: stephen at twisteddelight.org (Stephen de Vries)
Date: Wed, 14 Jan 2009 23:18:56 +0100
On Jan 14, 2009, at 8:45 PM, Steven M. Christey wrote:

> To all, I'll ask a more strategic question - assuming we're agreed that the Top 25 is a non-optimal means to an end, what can the software security community do better to raise awareness and see real-world change?

From a Web Security point of view, have a look at the OWASP ASVS project:
http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project

Abstract:
"Whereas the OWASP Top Ten is a tool that provides web application security awareness, the OWASP Application Security Verification Standard (ASVS) is a commercially-workable open standard that defines ranges in coverage and levels of rigor that can be used to perform application security verifications ... The primary aim of the OWASP ASVS Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing application security verification using a commercially-workable open standard. This standard can be used to establish a level of confidence in the security of web applications."

regards,
Stephen