Secure Coding mailing list archives
heise Security - News - Security specialist leaves PHP security team
From: dinis at ddplus.net (Dinis Cruz)
Date: Fri, 15 Dec 2006 00:27:56 +0000
This is a very good example of the security problems that Open Source projects have.

Open Source projects need to have strong Secure Development Lifecycles for their software. And here they could do worse than learn from Microsoft's efforts.

One of the projects that I really want to do at the OWASP is an SDL project which should be used on OWASP projects (39 at last count (http://www.owasp.org/index.php/Category:OWASP_Project)) in order to ensure that OWASP tools are as secure as they can be.

We need to make our software more secure and trustworthy and a solid SDL is a good (first) step.

Eventually we will need to move to the Sandboxing model, but I won't start the thread again :)

Dinis Cruz
Chief OWASP Evangelist
http://www.owasp.org

On 12/14/06, Kenneth Van Wyk <Ken at krvw.com> wrote:
I guess this falls into the "you can lead a horse to water, but you can't make him drink" category: http://www.heise-security.co.uk/news/82500

A member of the PHP security team has left in apparent disgust over the team's security practices. I doubt that anyone here on SC-L is surprised by the article, but PHP remains quite popular, and it seems sad to see it losing some vital and much-needed security support.

Well, there's always AJAX, I suppose. ;-\

Cheers,

Ken

P.S. Hey, SC-L is 3 years old this month!

-----
Kenneth R. van Wyk
SC-L Moderator
KRvW Associates, LLC
http://www.KRvW.com

_______________________________________________
Secure Coding mailing list (SC-L)
SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
_______________________________________________