All,
I figured people on this list might be interested in this. If you have
any concerns or suggestions about CWE, the upcoming months will be the
best time to raise them in a focused discussion forum, the CWE Researcher
List.
If you don't know what CWE is, then shame on me for not pimping it e
There has been some movement in this direction and I think you are
correct that that we need to educate the mainstream QA audience just as
we must educate the mainstream developer audience. I am giving a
keynote on software security testing at Practical Quality and Software
Testing in Minneapolis
Most of you know SANS is spending a lot of time an effort focused on
software and application security. If you think there is a role we can play
in this specific area and would like to talk to me about that, please feel
free to connect with me offline.
If not, we'll stay head down on the current
