fyi/msh
-
Michael S Hines
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Baker, Dave
Sent: Tuesday, August 07, 2007 8:27 AM
To: [EMAIL PROTECTED]
Subject: [Dfsci] BlackHat paper on attacks against forensics s
Dear list members.
In june 2007, I had an interesting conversation with
Mr. Will Hayes from SEI during the Brazilian Symposium
on Software Quality. It was a great experience and I
am very grateful for this.
During our conversation, I made a question to Mr.
Hayes similar to this: "Is it possible t
I've always had a question about this as well; specifically, what is really
meant by "adding security to a CMM"?
I've always felt that the level at which the software (or system) process is
defined by a CMM is too high and too abstract for the addition of security
activities to be particularly
A simple way to understand why implementing software development
process improvement will not necessarily produce secure software is to
read the Common Criteria.
yes, I know that it's opaque and hard to understand, but once you have
gone through the process of writing a Protection Profile for a