Secure Coding mailing list archives

"Checklist Manifesto" applicability to software security


From: steingra at gmail.com (Andy Steingruebl)
Date: Thu, 7 Jan 2010 09:19:14 -0800

On Thu, Jan 7, 2010 at 7:11 AM, Jeremy Epstein
<jeremy.j.epstein at gmail.com> wrote:
> Greetings,
>
> So as I was listening, I was thinking that many of the same things
> could be said about software developers and problems with software
> security - every piece of software is unique, any non-trivial piece of
> software is amazingly complex, developers tend to consider themselves
> as artists creating unique works, etc.
>
> Has anyone looked into the parallelisms before? If so, I'd be
> interested in chatting (probably offlist) about your thoughts.

I've had exceptionally good luck/results from checklists during the
development process, though nothing I could scientifically quantify.

That said, I wonder whether any of the academics on the list would be
willing to actually do a study.  Do some actual trials on defect rates
in things like student assignments when they have some students go
through a checklist to examine their code, and others not.  Might be
interesting to see exactly what types of checklist items really result
in a reduction in bugs...

-- 
Andy Steingruebl
steingra at gmail.com


