[SC-L] Darkreading: code scanning
Gary McGraw
gem at cigital.com
Fri Feb 15 08:49:52 EST 2008
Hi sc-l,
This month, my darkreading column is about code scanning. Remember that flurry in the press about Coverity's scan project where half of the stories were positive and the other half negative? That prompted me to write this column (started with a Justice League posting as some of you will recall).
Topics: open source, code scanning, architectural risk analysis, declaring security victory
http://www.darkreading.com/document.asp?doc_id=146053&WT.svl=column1_1
In a sentence: code scanning is good and everyone should be doing it, but don't declare security too early and never forget the architecture.
gem
company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com
More information about the SC-L
mailing list