SearchSecurity: Scaling Automated Code Review
From: Gary McGraw <gem () cigital com>
Date: Tue, 28 Jan 2014 17:53:20 -0500
The latest monthly SearchSecurity article was co-authored with Jim Routh, CSO of Aetna. What Jim is doing for his fifth
(!!) software security initiative is very interesting. So interesting that we decided to write about it.
In particular, pay attention to Jim's use of a lightweight IDE-based static analysis tool. This is important for two
reasons: 1) because it runs on all dev desktops (and thus scales) and 2) because it finds problems in real time as they
are being typed in. FIXING security problems found in this way is easier than it is in the situation when results
arrive a week after they are typed in, when dev is on a new sprint.
Scaling Automated Code Review: http://bit.ly/1iIcAPB
< here is a long URL version
As always, your feedback is welcome. Pass it on!
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates