Secure Coding mailing list archives

Darkreading: code scanning


From: gem at cigital.com (Gary McGraw)
Date: Fri, 15 Feb 2008 08:49:52 -0500

Hi sc-l,

This month, my darkreading column is about code scanning. Remember that flurry in the press about Coverity's scan project where half of the stories were positive and the other half negative? That prompted me to write this column (started with a Justice League posting as some of you will recall).

Topics: open source, code scanning, architectural risk analysis, declaring security victory

http://www.darkreading.com/document.asp?doc_id=146053&WT.svl=column1_1

In a sentence: code scanning is good and everyone should be doing it, but don't declare security too early and never forget the architecture.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com


