CWE/SANS Top 25 Documents & Podcasts

Improving Software Security by Eliminating the CWE Top 25 Vulnerabilities
May/June, 2009 — IEEE Security and Privacy, vol. 7

February 23, 2009 — OWASP Podcast Series #11

February 5, 2009 — Federal Security Spotlight this week looks behind the scenes in the creation of a new tool for security professionals. The Top 25 Most Dangerous Programming Errors are found in government and industry software, and if programmers can be trained not to write them in, cyber security could improve. The list was the joint work of Mitre Corporation and the SANS Institute, and we talk to Bob Martin, a software expert at Mitre, and Alan Paller, the research and education head of the SANS Institute. (Links mentioned during the show: SANS TOP 25 Most Dangerous Programming Errors, Application Security Procurement Language)

January 27, 2009 — MSDN Blogs: The Security Development Lifecycle

Application Security Procurement Language
New York State has produced draft procurement standards to allow companies to buy software with security baked in. If you wish to join the working group to help improve the procurement guidelines, you can go to the New York State Cyber Security and Critical Infrastructure Coordination web site at www.cscic.state.ny.us/resources/aspl.cfm. Draft New York State procurement language will be posted at www.sans.org/appseccontract.

Static Analysis Tool Exposition (SATE) 2008
Editors: Vadim Okun, Romain Gaucher, Paul E. Black