Matasano Chargen: Do We Need an ISO Secure Coding Standard?

  • Chris W. · 3 years ago
    The solution is not more lists of things not to do; it's checking technology to tell you when you did do one of those things.

    NIST SAMATE already has a short list of things not to do in their Source Code Analysis Tool Functional Specification
  • ErikC · 3 years ago
    >The solution to the secure coding problem is going
    >to come from security QA, not secure coding.

    I'm going to disagree with that; I've been implementing security into the SDLC of many large companies for about a year now. In my experience the secure coding problem is eliminated by education, policies, _and_ security QA to catch violations of said policies, with management buy-in essential to every step of the process. (You've got an overflow in your code, your bonus just dropped 10%... yes, there exist large companies that are implementing this sort of penalty system for policy violations.)
  • Thomas Ptacek · 3 years ago
    Fair point. I think I'm really just pointing out that "building security into the QA process" is underrated and valuable.