Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

informIT: software security zombies

From: Gary McGraw <gem () cigital com>
Date: Thu, 21 Jul 2011 09:53:01 -0400
hi sc-l,

Some of us have been doing this software security thing for a long time (about 15 years in my case), and it is easy to 
overlook basic ideas that we believe everybody already gets.  During Cigital's internal technology fair this year, I 
did a presentation on these basic truths which I have deemed "software security zombies."

This month's informIT article covers the zombies:
* Network security alone will not solve the computer security problem
* Security software is not software security
* The more code you have, the more security bugs you will have
* Software security practices should be integrated into the software development lifecycle (SDLC)
* Software security defects come in two main flavorsā€”bugs at the implementation level (code) and flaws at the 
architectural level (design)
* Badness-ometers are not security meters
** Fix the (dang) software  <-- bonus baby zombie

If you've ever heard me give a talk over the last decade there is some very high chance that you've heard something 
about these zombies.  As we continue to grow the software security field, it's important that we make sure to cover the 
basics with new people and with our customers.

Speaking of customers, we have 28 openings at Cigital right now (and a staff of 200).  We are on the lookout for 
experienced software security types!

As always, your feedback is welcome.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
Previous By Date Next
Previous By Thread Next

Current thread: