Secure Coding mailing list archives
Software process improvement produces secure software?
From: gwc at acm.org (George Capehart)
Date: Thu, 09 Aug 2007 20:04:32 -0400
Kenneth Van Wyk wrote:
> On Aug 7, 2007, at 7:01 AM, Francisco Nunes wrote:
>> During our conversation, I made a question to Mr. Hayes similar to this: "Is it possible that only software development process improvements can produce secure software?" The scenario was only based on CMMI without security interference.
>
> All that follows is IMHO, of course... I would have to agree with you, Francisco, that process improvements "without security interference" are unlikely to produce significant changes in the security of the software produced.

<snip rest of discussion>

Hola all,

Was waiting to see if anyone threw out the SSE-CMM (System Security Engineering Capability Maturity Model). Though it's directed at the whole SDLC and not just the software development process, IMHO it's good to have in one's back pocket when planning it . . .

Cheers,

/g