Secure Coding mailing list archives

Information Security Mag: Vendor Control and Software Security


From: Gary McGraw <gem () cigital com>
Date: Tue, 5 Feb 2013 20:12:20 -0500

hi sc-l,

My monthly column [in]security is sometimes published as part of Information Security Magazine.  That's what happened 
with this column I wrote way back in December. It is appearing in the Feb/Mar issue of ISM.

And here it is on the intarwebs.  This article suggests combining at least two measurements: 1) process measurement 
with vBSIMM and 2) application measurement with binary, static, or hybrid analysis.  This article begins to explain to 
the general security practitioner (think network security person) how that all works:

http://bit.ly/Y8UeIb

Please read this and pass it on.  I am interested in hearing your thoughts.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com



_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

