On Mar 3, 2009, at 10:11 AM, Gary McGraw wrote:
Our fearless leader Ken gave a nice presentation on software security methodologies yesterday at secappdev. I wonder what he says about the Touchpoints when I'm not in the room?!
Thanks for the kind words. What I say about the Touchpoints, Microsoft's SDL, or OWASP's CLASP remains the same whether you're in the room or not. They all offer good points and bad points. I tend to favor a hybrid approach that works well for me, which is what I always recommend to my customers.
More importantly, though, I am eager to update the message with what the companies who participated in the BSIMM are actually doing in practice.
Cheers, Ken ----- Kenneth R. van Wyk KRvW Associates, LLC http://www.KRvW.com
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
