SecurityRatty: tag: defects

More on Application Security Metrics

2008-05-08 20:05:00 by Security Retentive in Security Retentive

...Defects Implementation Defects I hadn't gotten good answers up to this point because measuring those internally during the development process is a constantly moving target. If your testing methodology is always changing, then its hard to say whether you're seeing more or fewer defects of a given type than before, especially as a percentage....

Banning function calls, assurance, and retrofitting

2008-03-18 19:48:00 by Security Retentive in Security Retentive

...defects against the old code for any use of a banned function, without investigating the specific use File defects against old code only after verifying that in the context you have a potential vulnerability Get a dedicated team together to just go and clean up old code Each of these approaches has its plusses and minuses If you choose to...

Tags: code review experience, code, security sensitive context, context, security critical context, unsafe context, static analyzer, file defects, rand

Metrics and Audience

2008-04-19 09:52:00 by Security Retentive in Security Retentive

...defects and implementation defects At the same time, I'm willing to acknowledge that developing these metrics is a full time job for multiple people. And, tracking the metrics over time is difficult, since its hard to normalize the defects between products and across time. New attacks are always surfacing, so how do you track the impact of...

Tags: software, software metric, software security folks, security folks, software security initiatives, security, measure software security, measure, metrics

SDL Training

2008-05-29 15:22:00 by sdl in The Security Development Lifecycle

...defects correlates closely with the density of security defects. And Microsoft Research found higher code coverage in testing correlates with higher bug rates in the field And so even though people like the idea of defect estimation, and weve got some interesting and surprising data, weve not yet been successful in changing peoples behavior....

Tags: real behavior change, behavior, sdl, change peoples behavior, security, security guy, security defects, defects, security class

"Crawling" Toward SDL

2008-03-06 22:13:00 by sdl in The Security Development Lifecycle

...defects in C/C++ programs and enables you to perform quick desktop error detection on small code bases FxCop an application that analyzes managed code assemblies (code that targets the .NET Framework common language runtime) and reports information about the assemblies Application Verifier (AppVerif) detect and help debug memory corruptions,...

Tags: sdl, security, perform security analysis, application security, application, applications security, security issues, issues, non-microsoft sdl engagements

Help a kid with congenital heart disease go to camp!

2008-03-06 19:11:53 by HASH0x8b3f9bc in StillSecure, After All These Years

...defects Contact info: tim@timcase.net http://www.teamstrongheart.com

Tags: camp, support camp odayin, camp odayin, congenital heart disease, heart disease, camp experience, tim, team strong heart, boyfriend tim

Help a kid with congenital heart disease go to camp!

2008-03-06 20:11:53 by ashimmy in StillSecure, After All These Years

...defects Children with heart disease are not often afforded the opportunity to attend camp due to health risk and insurance issues Camp Odayin is a non-profit organization dedicated to providing the camp experience to these special young people Camp Odayin runs soley on donation and only costs the familes a $25 dollar registration fee...

Tags: camp, support camp odayin, camp odayin, congenital heart disease, heart disease, camp experience, tim, team strong heart, boyfriend tim

Another Strategy for Getting Started with Application Security

2008-01-09 19:50:00 by Security Retentive in Security Retentive

...defects In the end in order to fully implement the program we had to do developer training, build our own frameworks, perform risk assessments against applications, and fully incorporate testing The key to getting it started though was adopting a common approach to one area of security via a well-designed tool

Tags: security, application security, security program, authorization scheme, authorization, program, tool, approaches, perform risk assessments

Monks, Compliance, Risk, and Government

2008-07-07 15:53:46 by rybolov in The Guerilla CISO

The Abbot at the Security Monastery takes us through an interesting tour of compliance, risk management, and what the Government is doing . Im not biased at all because its based on conversations with me or anything like that Now for those of you who dont know me personally, heres a little bit of trivia for you: Every week I go back and forth...

Tags: government, risk management, security monastery takes, security, compliance, zero-defects world, neverwork, week, bit

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo