Secure Coding mailing list archives

SearchSecurity: Scaling Automated Code Review


From: Gary McGraw <gem () cigital com>
Date: Tue, 28 Jan 2014 17:53:20 -0500

hi sc-l,

The latest monthly SearchSecurity article was co-authored with Jim Routh, CSO of Aetna.  What Jim is doing for his fifth 
(!!) software security initiative is very interesting.  So interesting that we decided to write about it.

In particular, pay attention to Jim's use of a lightweight IDE-based static analysis tool.  This is important for two 
reasons: 1) because it runs on all dev desktops (and thus scales) and 2) because it finds problems in real time as they 
are being typed in.  FIXING security problems found in this way is easier than it is in the situation when results 
arrive a week after they are typed in, when the devs are on a new sprint.

Scaling Automated Code Review: http://bit.ly/1iIcAPB

< here is a long URL version 
http://searchsecurity.techtarget.com/opinion/McGraw-Software-insecurity-and-scaling-automated-code-review>

As always, your feedback is welcome.  Pass it on!

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com


_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

