Unfortunately, it seems like the SWEBOK folks still believe that if you have high-quality software, that will be sufficient to assure robustness against intentional threats. It also shows a touching lack of faith that there will never be an malicious participant in the SDLC intentionally sabotaging or subverting the code, test results, etc.
=== Karen Mercedes Goertzel, CISSP Lead Associate Booz Allen Hamilton 703.698.7454 goertzel_ka...@bah.com "I love deadlines. I like the whooshing sound they make as they fly by." - Douglas Adams ________________________________ From: sc-l-boun...@securecoding.org [sc-l-boun...@securecoding.org] on behalf of Martin Gilje Jaatun [secse-ch...@sislab.no] Sent: 05 March 2012 07:02 To: Secure Coding Subject: [SC-L] Fwd: [SEWORLD] SWEBOK Version 3 Call for Reviewers Hi SC-L, I would have hoped that "Software Security" should have been a topic area in SWEBOK, right alongside "Software Quality", but it doesn't look like it... -Martin -------- Opprinnelig melding -------- Emne: [SEWORLD] SWEBOK Version 3 Call for Reviewers Dato: Fri, 2 Mar 2012 10:53:26 -0700 Fra: Dick Fairley <dickfair...@gmail.com><mailto:dickfair...@gmail.com> Til: sewo...@sigsoft.org<mailto:sewo...@sigsoft.org> *Call for Reviewers of Three New Knowledge Area Descriptions for the* *Guide to the Software Engineering Body of Knowledge* The IEEE Computer Society is now soliciting public review comments on three knowledge areas (KAs) for Version 3 of the Guide to the Software Engineering Body of Knowledge (SWEBOK V3). SWEBOK V3 is an update to the 2004 version of the SWEBOK Guide, which is also known as Technical Report ISO/IEC TR 19759. The 15 KAs in SWEBOK V3 are being published incrementally as they become available for review. The purposes of the SWEBOK Guide are: to characterize the contents of the software engineering discipline; to promote a consistent view of software engineering worldwide; to clarify the place of, and set the boundary of software engineering with respect to other disciplines; to provide a foundation for training materials and curriculum development; and to provide a basis for certification and licensing of software engineers. Three new KAs are now available for review (Software Engineering Methods and Models; Software Maintenance; and Mathematical Foundations). These KAs can be reviewed and comments can be submitted at: computer.centraldesktop.com/swebokv3review/ The review period for these KAs extends from March 2 to March 31, 2012. Three of the SWEBOK V3 KAs (Computing Foundations, Software Construction, and Software Configuration Management) have been reviewed and the review period is closed; the KA editors are resolving the public review comments. Resolution of submitted comments for all KAs will be displayed on the SWEBOK V3 Web site as they become available. All review comments, as well the names and countries of the reviewers providing the comments, will be made public. Email addresses, affiliations, and other identifying information of reviewers will not be made public. Present and potential reviewers will be notified when additional KAs become available for review. Each KA, when posted, will be available for review for 30 calendar days from the date of posting. For further information or help please contact Dick Fairley, chair of the SWEBOK V3 Change Control Board at d.fair...@computer.org<mailto:d.fair...@computer.org>. ============================================================ To contribute to SEWORLD, send your submission to mailto:sewo...@sigsoft.org http://www.sigsoft.org/seworld provides more information on SEWORLD as well as a complete archive of messages posted to the list. ============================================================
_______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
