[SASAG] Anyone know a local or close to local Software Security Domain Expert?
vendors at mohsen.banan.1.byname.net
Wed Jul 18 16:11:13 PDT 2007
>>>>> On Mon, 9 Jul 2007 07:44:22 -0700, Leeland <leeland06 at greydragon.com> said:
Leeland> My company is trying to wrestle with the software security issues.
Leeland> Like most places they left security mostly to the end and are paying
Leeland> for it now. I am working on their Security Consortium group that has
Leeland> been formed to start pushing back into all areas (design, testing,
Leeland> development, and deployment) to improve security. Problem is most of
Leeland> the people here do not know the security lingo, best practices, etc.
That is very much the right place to start.

The Security Reference Model, framework,
terminology, ... are essential prior to any type
of meaningful analysis and planning.

In Fall of 2006, as a guest speaker, I made a short
presentation at Seattle University for CSSE 572.

The title was:

Starting with Basic Reference Model for Security Architecture
A Historic Review of a Nascent Industry

The slides for that presentation are at:

The class reading that I had assigned was:

1) ISO-7498-2 (X.800)

I recommend digging up those two documents,
circulating them in your team and using them as
your reference model. Short of that, it is babel.

If you want to build on these, let me know and I
can send you additional info.

Hope this helps.

-- Mohsen Banan http://mohsen.banan.1.byname.net/
Neda Communications, Inc. http://www.neda.com/
3610 164th Place SE mailto:vendors at mohsen.banan.1.byname.net
Bellevue, WA 98008 tel: +1-425-644-8026
U.S.A. fax: +1-425-644-2886
Map and Driving Directions: http://info.1-98008-5807-10.bywhere.net/