Home page logo
/

securecoding logo Secure Coding mailing list archives

SearchSecurity: Architecture Risk Analysis
From: Marinus van Aswegen <mvanaswegen () gmail com>
Date: Mon, 16 Sep 2013 21:15:20 +0200

Garry,

We have a step were we figure out how the various architecture intersect
and synthesize together. After all you inherit more than you define and
deliver.

Marinus

-----

hi sc-l,

Software security in general spends a lot of time talking about bugs---too
much time, I believe.  We all know that software defects come in two major
subclasses: bugs (in the implementation) and flaws (in the design).  So,
how do you find and FIX flaws?

That's what this month's SearchSecurity column is about.  This article
about finding security flaws in software with Architecture Risk Analysis.
 It is co-authored by Jim DelGrosso who is a Principal Consultant at
Cigital and runs the Architecture practice.

We know this approach works, because we actually use it every day (and have
done so for over a decade): http://bit.ly/1b2f5Zk   No, it's not easy, and
yes it takes experience.  Oh well.

gem
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault