Top 25 Coding Errors Released
In today's Bits post, I mentioned that a top 25 coding errors report was going to be issued today. Well, it's happened. From the SANS website: Today in Washington, DC, experts from more than 30 US and...

Contracts DO NOT Equal Security – New York and Secure Code
Hi folks. Yesterday, I included this story in my Bits post. It is about new procurement language that says software vendors must "certify" that their software does not have any of the Top 25 Errors...

Somebody Got Some Splaining To Do
An attribution would have avoided a problem here. Marcin has a post up comparing the SANS Application Security Procurement Language and the OWASP Secure Software Contract Annex. Give it a read and see...

Secure Coding: Ask, Don’t Tell to Get Engagement
Rafal has a very nice post up that explores why security folks have such a hard time getting application developers to care about secure coding. As I was reading that post, two ideas merged in my poor...