PerlMonks
I have just come across a great implementation of Open Source and security. Ideahamster.org has taken security practices in general and security in relation to programming and brought these practices out in the open to peer review. These practices have been combined into workable standards for administrators and programmers. The project is run by a former IBM Network Security Auditor (White Hat Hacker), who was running into roadblocks when discussing security strategies with other companies. This project seems to have sprouted from the idea that security, as a whole, will only be achieved if everyone combines their resources. This philosophy unfortunately is not accepted as a sound idea by most PHBs, so it was moved to a more beneficial environment: Open Source.

The Secure Programming Standards Methodology Manual is a pre-release version (V.90) of a complete secure programming standard (only available in HTML right now). It is language independent and very close to completion. It covers many areas including: Logging, Stack Smashing, Remote Compromise, Output, … but it still needs more input. I would highly recommend this as a read if you have ever thought about contributing to an Open Source project or have ever been concerned about the security of your programs.

Ideahamster.org has also released its Open Source Security Testing Methodology Manual V2 preview release 6 for review (PDF or HTML). It is a fully comprehensive security plan for any company (e.g. small, large or in-between), which can be implemented by 1 or 100 people.
Quoted from the Introduction:

grep
In reply to Security Standards by grep