Speaking of "top 25 tea leaves," the "bug parade boogeyman" just called
and reminded me that the 2010 Top 25 is due to be released next Thursday,
February 4. Thanks for the plug.
A preview of some of the brand-new features:
1) Data-driven ranking with alternate metrics to feed the brain and stimulate wider discussion - featuring special guest star Elizabeth Nichols
2) Multiple focus profiles to avoid one-size-fits-all
3) Cross-cutting mitigations that expand far beyond the Top 25 - AND show which mitigations address which Top 25s
4) References to resources such as BSIMM (and even that controversial bad-boy ESAPI) to get people thinking even more about systematic software security
... and a few more tidbits.
This particular Cargo-Culting pseudoscientist has dutifully listened to
his fellow islanders. This year we've made shiny new airstrips and
control towers, and apparently we've already started some fires. The
planes will TOTALLY come back! Or maybe I'm just feeling a little
whimsical.
- Steve
P.S. I can't wait until software security becomes an actual science,
because as we all know, scientists are much too rational to ever indulge
in self-destructive infighting and name-calling that hinders opportunities
for progress in their field.
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________