Comments on: Coding Standard http://www.greebo.net/2008/09/24/coding-standard/ mostly useless crap from me Sun, 21 Feb 2010 00:51:44 +0000 http://wordpress.org/?v=2.9 hourly 1 By: Big Red http://www.greebo.net/2008/09/24/coding-standard/comment-page-1/#comment-19358 Big Red Mon, 20 Oct 2008 05:48:15 +0000 http://www.greebo.net/?p=473#comment-19358 http://upsidedowndogs.com/ Wunnerful stuff http://upsidedowndogs.com/

Wunnerful stuff

]]> By: un-excogitate.org » Blog Archive » Secure Software is Sexy http://www.greebo.net/2008/09/24/coding-standard/comment-page-1/#comment-19209 un-excogitate.org » Blog Archive » Secure Software is Sexy Wed, 08 Oct 2008 04:50:02 +0000 http://www.greebo.net/?p=473#comment-19209 [...] second article was by Andrew van der Stock on the upcoming “OWASP Top 10 Coding Standard“. I’ll only list the 10 topic headlines but I definitely recommend you check out the [...] [...] second article was by Andrew van der Stock on the upcoming “OWASP Top 10 Coding Standard“. I’ll only list the 10 topic headlines but I definitely recommend you check out the [...]

]]> By: Biggus Reddus http://www.greebo.net/2008/09/24/coding-standard/comment-page-1/#comment-19195 Biggus Reddus Tue, 07 Oct 2008 21:43:22 +0000 http://www.greebo.net/?p=473#comment-19195 Noddy, Knowing you're a bit of a fan of old EK, thought you might find the following interesting: PE Noddy,

Knowing you’re a bit of a fan of old EK, thought you might find the following interesting:

PE

]]> By: Sam http://www.greebo.net/2008/09/24/coding-standard/comment-page-1/#comment-19194 Sam Tue, 07 Oct 2008 19:37:57 +0000 http://www.greebo.net/?p=473#comment-19194 What an exciting project! And a great start. A couple quick thoughts: 1) What would you say to combining authentication and access control? I see both sides: each section stands on its own, yet they are also closely related. Combining them, though, opens a spot for another section. Not that I know what that section might be yet. 2) As important as I believe a code repository is -- essential! -- we'll have to demonstrate how it impacts security. Yes, it's actionable and raises the maturity of the SDLC, but "I [have] never seen secure code without one" isn't quite enough to use the label "mandatory". Correlation is not causation. However, because using a source code repository implies some rigor to the SDLC and makes it easy to identify changes to a codebase, it's not hard to determine the impact. What an exciting project! And a great start. A couple quick thoughts:

1) What would you say to combining authentication and access control? I see both sides: each section stands on its own, yet they are also closely related. Combining them, though, opens a spot for another section. Not that I know what that section might be yet.

2) As important as I believe a code repository is — essential! — we’ll have to demonstrate how it impacts security. Yes, it’s actionable and raises the maturity of the SDLC, but “I [have] never seen secure code without one” isn’t quite enough to use the label “mandatory”. Correlation is not causation. However, because using a source code repository implies some rigor to the SDLC and makes it easy to identify changes to a codebase, it’s not hard to determine the impact.

]]> By: afongen » Summarizing meetings so I don’t have to! http://www.greebo.net/2008/09/24/coding-standard/comment-page-1/#comment-19078 afongen » Summarizing meetings so I don’t have to! Sat, 04 Oct 2008 03:37:04 +0000 http://www.greebo.net/?p=473#comment-19078 [...] 10 Coding Standard. Andrew introduces this in a recent blog post. The idea is to set a minimum standard for what needs to be done to develop secure [...] [...] 10 Coding Standard. Andrew introduces this in a recent blog post. The idea is to set a minimum standard for what needs to be done to develop secure [...]

]]>