WSJ.com - Tech Companies Check Software Earlier for Flaws

[Ken at krvw.com (Kenneth R. van Wyk)]

I saw an interesting Wall Street Journal article today that talks about 
companies adopting software security practices.  Complete story can be found 
at:

http://online.wsj.com/public/article/SB114670277515443282-B59kll7qXrkxOXId1uF0txp8NFs_20070504.html?

The article cites a couple of companies that are starting to seriously use 
some static code analysis tools (Coverity and Fortify) to scan their src 
trees for security defects.  Although it doesn't address much in the way of 
design-time security activities, it's a good start and it's encouraging to 
see this sort of coverage in mainstream media.

I really liked this quote - "In effect, software makers are now admitting that 
their previous development process was faulty. While banks and other 
companies that deal with sensitive customer data began to build security into 
software development in the late 1990s, Microsoft Corp. and other software 
makers are only now in the middle of revamping their software-writing 
processes. "

Cheers,

Ken van Wyk
-- 
KRvW Associates, LLC
http://www.KRvW.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : http://krvw.com/pipermail/sc-l/attachments/20060505/b371ee72/attachment.bin