Secure Coding mailing list archives
Secure programming is NOT just good programming
From: ken at krvw.com (Kenneth Van Wyk)
Date: Thu, 12 Oct 2006 16:59:46 -0400
On Oct 12, 2006, at 4:32 PM, Gary McGraw wrote:
I suppose now is as good a time as any to say that everything David is talking about here is described in great detail in the HOW TO book that I released last February. If you're reading this list, you really should read that book. It's called "software security". Ken and I have trained thousands of developers using the book as a guide with some success. Cigital has a number of very large-scale software security initiatives underway at various customers that leverage that training. But more importantly, good programs instill and measure the kinds of best practices (called touchpoints in the book) that are certainly not part of standard good coding practice.
Presuming you meant "now part of..." and not "not part of..."

In any case, another great source of information on the touchpoint processes in Gary's book is the DHS-sponsored Build Security In portal at http://BuildSecurityIn.us-cert.gov. It's still a work in progress, but there are a bunch of in-depth articles explaining all of Gary's touchpoint activities and such. Plus, several new articles will be appearing there over the next few months, so keep checking in for updates. The site is free and open to the public.

(Full disclosure: as one of the BSI authors, I'm certainly not unbiased, but I still believe it's a valuable resource for those who are interested in learning more about the touchpoints Gary cited.)

Cheers,
Ken
-----
Kenneth R. van Wyk
KRvW Associates, LLC
http://www.KRvW.com