[SASAG] Anyone know a local or close to local Software Security Domain Expert?

Mohsen Banan-vendors vendors at mohsen.banan.1.byname.net
Wed Jul 18 16:11:13 PDT 2007

>>>>> On Mon, 9 Jul 2007 07:44:22 -0700, Leeland <leeland06 at greydragon.com> said:

  Leeland> My company is trying to wrestle with the software security issues.
  Leeland> Like most places they left security mostly to the end and are paying
  Leeland> for it now. I am working on their Security Consortium group that has
  Leeland> been formed to start pushing back into all areas (design, testing,
  Leeland> development, and deployment) to improve security. Problem is most of
  Leeland> the people here do not know the security lingo, best practices, etc.

That is very much the right place to start.

The Security Reference Model, framework,
terminology, ... are essential prior to any type
of meaningful analysis and planning.

In Fall of 2006, as a guest speaker, I made a short
presentation at Seattle University for CSSE 572. 

The title was: 

   Secure Networks
   Starting with Basic Reference Model for Security Architecture
   A Historic Review of a Nascent Industry

The slides for that presentation are at:

The class reading that I had assigned was:
    1) ISO-7498-2 (X.800)
    2) X.509

I recommend digging up those two documents,
circulating them in your team and using them as
your reference model. Short of that, it is babel.

If you want to build on these, let me know and I
can send you additional info.

Hope this helps.

-- Mohsen Banan                   http://mohsen.banan.1.byname.net/
   Neda Communications, Inc.      http://www.neda.com/
   3610 164th Place SE            mailto:vendors at mohsen.banan.1.byname.net
   Bellevue, WA 98008             tel: +1-425-644-8026
        U.S.A.                    fax: +1-425-644-2886
   Map and Driving Directions:    http://info.1-98008-5807-10.bywhere.net/
