Re: Writing Secure code[update]

From: K K Mookhey (ctoat_private)
Date: Wed Jan 01 2003 - 04:21:20 PST

  • Next message: David Wheeler: "Standards for developing secure software"

    This is pretty good, and needs not much introduction
    The Common Criteria for Information Technology Security Evaluation:
    Download at: http://csrc.nist.gov/cc/ccv20/ccv2list.htm
    The CC is also an ISO standard 15408:1999.
    This is what we attempt to follow as much as possible when evaluating
    software.
    There are also accredited agencies certified to do CC evals.
    
    K. K. Mookhey
    Chief Technology Officer
    Network Intelligence India Pvt. Ltd.
    Email: ctoat_private
    Web: www.nii.co.in
    Tel: 91-22-22001530/22006019
    =============================
    The Unix Auditor's Practical Handbook
    http://www.nii.co.in/tuaph.html
    =============================
    
    
    > So, how about directing our focus with a aim at reaching a
    > methodology/conclusion as to what can be done (by us + others) to say
    bring
    > up some ideas of some kind of a standard/practice which aims at following
    > certain guidelines to be taken at the design stage of any software
    > development process that could help us prevent the code getting
    > exploited.(If something like this already exists please do let me
    know..this
    > shall save a lot of time!).
    



    This archive was generated by hypermail 2b30 : Thu Jan 02 2003 - 18:45:26 PST