Secure Coding mailing list archives
WSJ.com - Tech Companies Check Software Earlier for Flaws
From: Ken at krvw.com (Kenneth R. van Wyk)
Date: Fri, 5 May 2006 13:15:52 -0400
I saw an interesting Wall Street Journal article today that talks about companies adopting software security practices. Complete story can be found at: http://online.wsj.com/public/article/SB114670277515443282-B59kll7qXrkxOXId1uF0txp8NFs_20070504.html? The article cites a couple of companies that are starting to seriously use some static code analysis tools (Coverity and Fortify) to scan their src trees for security defects. Although it doesn't address much in the way of design-time security activities, it's a good start and it's encouraging to see this sort of coverage in mainstream media. I really liked this quote - "In effect, software makers are now admitting that their previous development process was faulty. While banks and other companies that deal with sensitive customer data began to build security into software development in the late 1990s, Microsoft Corp. and other software makers are only now in the middle of revamping their software-writing processes. " Cheers, Ken van Wyk -- KRvW Associates, LLC http://www.KRvW.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 191 bytes Desc: not available Url : http://krvw.com/pipermail/sc-l/attachments/20060505/b371ee72/attachment.bin
Current thread:
- WSJ.com - Tech Companies Check Software Earlier for Flaws Kenneth R. van Wyk (May 05)