Secure Coding mailing list archives
Microsoft Pushes Secure, Quality Code
From: coley at linus.mitre.org (Steven M. Christey)
Date: Mon, 8 Oct 2007 13:14:53 -0400 (EDT)
Interesting that attack surface isn't included, given that Microsoft was one of the earliest advocates of attack surface, a metric that is likely strongly associated with the number of input-related vulnerabilities. It's probably hard to do perfectly, though, especially if any third-party APIs are involved. Are there any tools out there that try to measure attack surface? Has anybody had any experience in trying to apply it? - Steve
Current thread:
- Microsoft Pushes Secure, Quality Code Kenneth Van Wyk (Oct 06)
- Microsoft Pushes Secure, Quality Code Steven M. Christey (Oct 08)
- Microsoft Pushes Secure, Quality Code Gary McGraw (Oct 08)
- Microsoft Pushes Secure, Quality Code Steven M. Christey (Oct 08)
- Microsoft Pushes Secure, Quality Code J.M. Seitz (Oct 08)
- Microsoft Pushes Secure, Quality Code Romain Gaucher (Oct 09)
- Mainframe Security McGovern, James F (HTSC, IT) (Nov 01)
- Mainframe Security Johan Peeters (Nov 01)
- Mainframe Security Kenneth Van Wyk (Nov 01)
- Mainframe Security ljknews (Nov 01)
- Mainframe Security Paul Powenski (Nov 01)
- Mainframe Security Johan Peeters (Nov 02)
- Microsoft Pushes Secure, Quality Code Gary McGraw (Oct 08)
- Microsoft Pushes Secure, Quality Code Steven M. Christey (Oct 08)