hi sc-l, >From time to time a thread or two has popped up on this list discussing how we >get software security into the main stream. One obvious way to do this is >through technology transfer. I am particularly proud of the role that Cigital >has played getting security-focused static analysis out into the "main >stream." Now that IBM owns Ounce and HP owns Fortify we should see >significant uptake of the technology worldwide.
My informIT column this month is a case study that follows a technology from Cigital Labs, through Kleiner Perkins and Fortify to the mainstream. As you will see, technology transfer is hard and it takes serious time and effort. In the case of code scanning technology, the effort took two companies, millions of dollars, serious silicon valley engineering and ten years. Read all about it here: <http://www.informit.com/articles/article.aspx?p=1648912> Your comments and feedback are welcome. gem company www.cigital.com podcast www.cigital.com/silverbullet blog www.cigital.com/justiceleague book www.swsec.com _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
