Secure Coding mailing list archives
SearchSecurity: Scaling Automated Code Review
From: Gary McGraw <gem () cigital com>
Date: Tue, 28 Jan 2014 17:53:20 -0500
hi sc-l,

The latest monthly SearchSecurity article was co-authored with Jim Routh, CSO of Aetna. What Jim is doing for his fifth (!!) software security initiative is very interesting. So interesting that we decided to write about it.

In particular, pay attention to Jim's use of a lightweight IDE-based static analysis tool. This is important for two reasons: 1) because it runs on all dev desktops (and thus scales) and 2) because it finds problems in real time as they are being typed in. FIXING security problems found in this way is easier than it is in the situation when results arrive a week after they are typed in, when the dev is on a new sprint.

Scaling Automated Code Review: http://bit.ly/1iIcAPB (here is a long URL version: http://searchsecurity.techtarget.com/opinion/McGraw-Software-insecurity-and-scaling-automated-code-review)

As always, your feedback is welcome. Pass it on!

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________