I was thinking that there is an opportunity for us otherwise lazy enterprisey types to do our part in order to promote secure coding in an open source way. Small vendors tend to be filled with lots of folks that know C, Java and .NET but may not have anyone who knows COBOL. Minimally, they probably won't have access to a mainframe or a large code base.
Being an individual who is savage about being open and participating in a community, I would like to figure out why my particular call to action is. What questions should I be asking myself regarding our mainframe, how to exploit, etc so that I can make this type of knowledge open source such that all the static analysis tools can start to incorporate? ************************************************************************* This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. ************************************************************************* _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________