Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Fwd: [SEWORLD] SWEBOK Version 3 Call for Reviewers

From: Martin Gilje Jaatun <secse-chair () sislab no>
Date: Sat, 10 Mar 2012 14:01:23 +0100
Agreed, but can you make secure code without thinking about security at all? I don't think so - it's a bit like the safety vs. security debate; in the latter case the human attacker with hostile intent tends to invalidate your assumptions... 

-Martin

Den 07.03.2012 22:27, skrev James Manico:
Karen is of course right. At the very least, high quality source code design and software is a lot easier to assess and secure than the alternative. 

--
Jim Manico
VP, Security Architecture
WhiteHat Security
(808) 652-3805
On Mar 7, 2012, at 4:09 PM, "Goertzel, Karen [USA]" <goertzel_karen () bah com <mailto:goertzel_karen () bah com>> wrote:
Unfortunately, it seems like the SWEBOK folks still believe that if you have high-quality software, that will be sufficient to assure robustness against intentional threats. It also shows a touching lack of faith that there will never be an malicious participant in the SDLC intentionally sabotaging or subverting the code, test results, etc. 

===
Karen Mercedes Goertzel, CISSP
Lead Associate
Booz Allen Hamilton
703.698.7454
goertzel_karen () bah com <mailto:goertzel_karen () bah com>

"I love deadlines. I like the whooshing sound they make as they fly by."
- Douglas Adams
------------------------------------------------------------------------
*From:* sc-l-bounces () securecoding org <mailto:sc-l-bounces () securecoding org> [sc-l-bounces () securecoding org <mailto:sc-l-bounces () securecoding org>] on behalf of Martin Gilje Jaatun [secse-chair () sislab no <mailto:secse-chair () sislab no>] 
*Sent:* 05 March 2012 07:02
*To:* Secure Coding
*Subject:* [SC-L] Fwd: [SEWORLD] SWEBOK Version 3 Call for Reviewers

Hi SC-L,
I would have hoped that "Software Security" should have been a topic area in SWEBOK, right alongside "Software Quality", but it doesn't look like it... 

-Martin

-------- Opprinnelig melding --------
Emne:   [SEWORLD] SWEBOK Version 3 Call for Reviewers
Dato:   Fri, 2 Mar 2012 10:53:26 -0700
Fra:    Dick Fairley <dickfairley () gmail com>
Til:    seworld () sigsoft org



*Call for Reviewers of Three New Knowledge Area Descriptions for the*

*Guide to the Software Engineering Body of Knowledge*

The IEEE Computer Society is now soliciting public review comments on three
knowledge areas (KAs) for Version 3 of the Guide to the Software
Engineering Body of Knowledge (SWEBOK V3).  SWEBOK V3 is an update to the
2004 version of the SWEBOK Guide, which is also known as Technical Report
ISO/IEC TR 19759.  The 15 KAs in SWEBOK V3 are being published
incrementally as they become available for review.

The purposes of the SWEBOK Guide are: to characterize the contents of the
software engineering discipline; to promote a consistent view of software
engineering worldwide; to clarify the place of, and set the boundary of
software engineering with respect to other disciplines; to provide a
foundation for training materials and curriculum development; and to
provide a basis for certification and licensing of software engineers.

Three new KAs are now available for review (Software Engineering Methods
and Models; Software Maintenance; and Mathematical Foundations). These KAs
can be reviewed and comments can be submitted at:

computer.centraldesktop.com/swebokv3review/  <http://computer.centraldesktop.com/swebokv3review/>

The review period for these KAs extends from March 2 to March 31, 2012.

Three of the SWEBOK V3 KAs (Computing Foundations, Software Construction,
and Software Configuration Management) have been reviewed and the review
period is closed; the KA editors are resolving the public review
comments.  Resolution
of submitted comments for all KAs will be displayed on the SWEBOK V3 Web
site as they become available.  All review comments, as well the names and
countries of the reviewers providing the comments, will be made public.  Email
addresses, affiliations, and other identifying information of reviewers
will not be made public.

Present and potential reviewers will be notified when additional KAs become
available for review.  Each KA, when posted, will be available for review
for 30 calendar days from the date of posting.

  For further information or help please contact Dick Fairley, chair of the
SWEBOK V3 Change Control Board atd.fairley () computer org.

============================================================
To contribute to SEWORLD, send your submission to
mailto:seworld () sigsoft org

http://www.sigsoft.org/seworld  provides more
information on SEWORLD as well as a complete archive of
messages posted to the list.
============================================================

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org <mailto:SC-L () securecoding org> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l 
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) 
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________



_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
Previous By Date Next
Previous By Thread Next

Current thread: