From the category archives:

programming

Rafal has a very nice post up that explores why security folks have such a hard time getting application developers to care about secure coding.
As I was reading that post, two ideas merged in my poor little head. This was cause for celebration because it doesn't happen very often.
Thought #1: Ask, Don't Tell
I [...]


Somebody Got Some Splaining To Do

by kriggins on January 16, 2009

An attribution would have avoided a problem here.
Marcin has a post up comparing the SANS Application Security Procurement Language and the OWASP Secure Software Contract Annex.
Give it a read and see what you think.
Kevin


Hi folks. Yesterday, I included this story in my Bits post. It is about new procurement language that says software vendors must "certify" that their software does not have any of the Top 25 Errors released by SANS/CWE early this week.
I have read several blog posts on the topic since and today the topic came [...]


Top 25 Coding Errors Released

by kriggins on January 12, 2009

In today's Bits post, I mentioned that a top 25 coding errors report was going to be issued today. Well, it's happened. From the SANS website:
Today in Washington, DC, experts from more than 30 US and international cyber security organizations jointly released the consensus list of the 25 most dangerous programming errors that lead to [...]
