Secure Coding mailing list archives
Darkreading: Secure Coding Certification
From: coley at linus.mitre.org (Steven M. Christey)
Date: Wed, 16 May 2007 15:18:04 -0400 (EDT)
Maybe the test shouldn't focus on code at all? If we can agree that many flaws are found at design time even before code is written (Yes, most folks still use waterfall approaches but that is a different debate) then why can't questions occur at this level?
It was decided early on that this test would have a heavy emphasis on coding, since programmers who've just entered the workplace (the target examinees) are not likely to be heavily involved in design. While this decision was not unanimous, many of the core contributors agreed with this philosophy. Obviously this leaves a few gaps with respect to secure software development, which I'm sure will be addressed by someone somewhere, sometime. - Steve
Current thread:
- Darkreading: Secure Coding Certification Gary McGraw (May 11)
- Darkreading: Secure Coding Certification Johan Peeters (May 12)
- Darkreading: Secure Coding Certification Greg Beeley (May 12)
- Darkreading: Secure Coding Certification Florian Weimer (May 13)
- Darkreading: Secure Coding Certification Joe Teff (May 14)
- Darkreading: Secure Coding Certification Greg Beeley (May 15)
- Darkreading: Secure Coding Certification McGovern, James F (HTSC, IT) (May 16)
- Darkreading: Secure Coding Certification Steven M. Christey (May 16)
- Darkreading: Secure Coding Certification Arian J. Evans (May 16)
- Darkreading: Secure Coding Certification McGovern, James F (HTSC, IT) (May 21)
- Tools: Evaluation Criteria McGovern, James F (HTSC, IT) (May 22)
- Tools: Evaluation Criteria Steven M. Christey (May 22)
- Tools: Evaluation Criteria McGovern, James F (HTSC, IT) (May 23)
- Darkreading: Secure Coding Certification Johan Peeters (May 12)
- Darkreading: Secure Coding Certification pmeunier (May 15)
- Darkreading: Secure Coding Certification Steven M. Christey (May 14)