Secure Coding mailing list archives
"Checklist Manifesto" applicability to software security
From: steingra at gmail.com (Andy Steingruebl)
Date: Thu, 7 Jan 2010 09:19:14 -0800
On Thu, Jan 7, 2010 at 7:11 AM, Jeremy Epstein <jeremy.j.epstein at gmail.com> wrote:
Greetings, So as I was listening, I was thinking that many of the same things could be said about software developers and problems with software security - every piece of software is unique, any non-trivial piece of software is amazingly complex, developers tend to consider themselves as artists creating unique works, etc. Has anyone looked into the parallelisms before? If so, I'd be interested in chatting (probably offlist) about your thoughts.
I've had exceptionally good luck/results from checklists during the development process, though nothing I could scientifically quantify. That said, I wonder whether any of the academics on the list would be willing to actually do a study. Do some actual trials on defect rates in things like student assignments when they have some students go through a checklist to examine their code, and others not. Might be interesting to see exactly what types of checklist items really result in a reduction in bugs...

--
Andy Steingruebl
steingra at gmail.com