I meant to send this to the list.

-----Original Message-----
From: Gary McGraw
Sent: Tuesday, May 15, 2007 9:09 AM
To: 'ljknews'
Subject: RE: [SC-L] Darkreading: Secure Coding Certification

Oops. Sorry about that. I just checked the URL for the darkreading article again. Looks the same to me:

http://www.darkreading.com/document.asp?doc_id=123606

Please note that a nice little thread has developed over there as well (the hazards of a net existence).

http://www.darkreading.com/boards/messages.asp?thread_id=155877&msg_id=144925&t=true

There is a huge body of knowledge and of best practices that has developed over the last decade of work in software security. I tried to describe it all in detail in my book "Software Security," so get a copy of that if you're interested. We have moved well past a collection of data about common bugs.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ljknews
Sent: Saturday, May 12, 2007 8:04 AM
To: SC-L@securecoding.org
Subject: Re: [SC-L] Darkreading: Secure Coding Certification

At 11:17 AM -0400 5/11/07, Gary McGraw wrote:

> As readers of the list know, SANS recently announced a certification
> scheme for secure programming. Many vendors and consultants jumped
> on the bandwagon. I'm not so sure the bandwagon is going anywhere.
> I explain why in my latest darkreading column:
>
> http://www.darkreading.com/document.asp?doc_id=123606

Well that page shows up as blank in my browser and shows 637 HTML errors on http://validator.w3.org,

> What do you think? Can we test someone's software security knowledge with
> a multiple choice test? Anybody seen the body of knowledge behind the test?

but based on biases I see on this list, I tend to believe that those who make such a certification scheme would bias it toward:

    Programming done in C and derivative languages (C++, Java, etc.)

    Programming relying on TCP/IP

neither of which is relevant to my endeavors.
--
Larry Kilgallen
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________