Secure Coding mailing list archives

Re: SearchSecurity: Cyber Security and the Law


From: Lucas Ferreira <lucas.ferreira () gmail com>
Date: Thu, 9 Aug 2012 13:18:30 -0400

All,

OWASP has a document which was targeted at the Brazilian government at
first and then translated into English. It contains several proposals
of government actions to improve the application security (and
information security) landscape.

The English version is available here:
https://www.owasp.org/index.php/OWASP_Brasil_Manifesto/en

The original version is here:
https://www.owasp.org/index.php/OWASP_Brasil_Manifesto

Hope this fits as concrete proposals. ;-)

Regards,

Lucas

On Thu, Aug 9, 2012 at 10:45 AM, Iván Arce <ivan.w.arce () gmail com> wrote:
Gary,

Could you elaborate a bit more? Specifically, what kind of incentives
do you have in mind? How would they work?

The debate about what to do to improve software security at a national
or larger scale is mostly populated with abstractions and generic ideas
but the enumeration and description of concrete, specific measures to
deploy is notably scant.

-ivan

On 8/3/12 9:32 AM, Gary McGraw wrote:
hi greg,

Good question.  I'm biased of course, but I think a BSIMM type measurement
is the best way to approach this.  (See http://bsimm.com.)  However,
regardless of measurement I strongly believe that incentives are way
better than regulations and penalties.


_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________



-- 
Homo sapiens non urinat in ventum.
