[SC-L] SANS Institute - CWE/SANS TOP 25 Most Dangerous Programming Errors
Stephen de Vries
stephen at twisteddelight.org
Wed Jan 14 17:18:56 EST 2009
On Jan 14, 2009, at 8:45 PM, Steven M. Christey wrote:
>
> To all, I'll ask a more strategic question - assuming we're agreed that
> the Top 25 is a non-optimal means to an end, what can the software
> security community do better to raise awareness and see real-world
> change?
From a Web Security point of view, have a look at the OWASP ASVS
project: http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
Abstract:
"Whereas the OWASP Top Ten is a tool that provides web application
security awareness, the OWASP Application Security Verification
Standard (ASVS) is a commercially-workable open standard that defines
ranges in coverage and levels of rigor that can be used to perform
application security verifications
...
The primary aim of the OWASP ASVS Project is to normalize the range in
the coverage and level of rigor available in the market when it comes
to performing application security verification using a commercially-
workable open standard. This standard can be used to establish a level
of confidence in the security of web applications."
regards,
Stephen