SecurityFocus

Writing Secure code Dec 27 2002 12:46PM
Rahul Chander Kashyap (rahul nsecure net) (6 replies)

Re: Writing Secure code Dec 28 2002 03:36AM
K K Mookhey (cto nii co in)

Re: Writing Secure code Dec 27 2002 11:16PM
Bob Bruen (coldrain sover net)

Re: Writing Secure code Dec 27 2002 06:17PM
Dana Epp (dana vulscan com)

Re: Writing Secure code Dec 27 2002 06:03PM
Valdis Kletnieks vt edu (2 replies)

Re: Writing Secure code Dec 28 2002 07:40AM
Glynn Clements (glynn clements virgin net) (2 replies)

Re: Writing Secure code Dec 29 2002 12:35AM
Cesar (cesarc56 yahoo com)

Re: Writing Secure code Dec 28 2002 07:04PM
Crispin Cowan (crispin wirex com)

RE: Writing Secure code Dec 27 2002 08:51PM
Roger Alexander (rta cs colostate edu) (1 replies)

RE: Writing Secure code Dec 30 2002 12:41PM
Matt McClellan (mmcclellan nfr com) (2 replies)

RE: Writing Secure code Jan 01 2003 02:46AM
peleus (peleus peleus net) (1 replies)

RE: Writing Secure code Jan 03 2003 04:36AM
Timo Sirainen (tss iki fi)

Re: Writing Secure code[update] Dec 31 2002 10:20AM
Rahul Chander Kashyap (rahul nsecure net) (2 replies)

Re: Writing Secure code[update] Jan 01 2003 12:21PM
K K Mookhey (cto nii co in) (2 replies)

This is pretty good, and needs not much introduction
The Common Criteria for Information Technology Security Evaluation:
Download at: http://csrc.nist.gov/cc/ccv20/ccv2list.htm
The CC is also an ISO standard 15408:1999.
This is what we attempt to follow as much as possible when evaluating
software.
There are also accredited agencies certified to do CC evals.

K. K. Mookhey
Chief Technology Officer
Network Intelligence India Pvt. Ltd.
Email: cto (at) nii.co (dot) in [email concealed]
Web: www.nii.co.in
Tel: 91-22-22001530/22006019
=============================
The Unix Auditor's Practical Handbook
http://www.nii.co.in/tuaph.html
=============================

> So, how about directing our focus with a aim at reaching a
> methodology/conclusion as to what can be done (by us + others) to say
bring
> up some ideas of some kind of a standard/practice which aims at following
> certain guidelines to be taken at the design stage of any software
> development process that could help us prevent the code getting
> exploited.(If something like this already exists please do let me
know..this
> shall save a lot of time!).

[ reply ]

Re: Writing Secure code[update] Jan 04 2003 12:31AM
Warwick Molloy (wmolloy optushome com au)

Re: Writing Secure code[update] Jan 02 2003 11:55PM
Alex Russell (alex netWindows org)

Re: Writing Secure code[update] Dec 31 2002 08:28PM
Crispin Cowan (crispin wirex com)

RE: Writing Secure code Dec 27 2002 05:46PM
Jeremy Epstein (jepstein webmethods com) (1 replies)

Re: Writing Secure code Dec 27 2002 08:50PM
Valdis Kletnieks vt edu

Re: Writing Secure code Dec 27 2002 05:43PM
John Viega (viega list org) (2 replies)

Re: Writing Secure code Dec 27 2002 09:54PM
Alex Russell (alex netWindows org) (1 replies)

Re: Writing Secure code Dec 27 2002 08:57PM
John Viega (viega list org)

RE: Writing Secure code Dec 27 2002 08:59PM
Matt McClellan (mcc nfr com) (1 replies)

Re: Writing Secure code Dec 27 2002 09:06PM
John Viega (viega list org)