Yet Another Coding Standard?

(Posted by arthur)

Over at Matasano, Tom Ptacek skewers the new CERT Secure Programming Standard by asking: "Do We Need an ISO Secure Coding Standard?" The entire article is well worth reading, but it sums up nicely with this:


There are already a myriad of good sources of information about
secure programming, including books targeted specifically to
developers that don’t have experience with secure
programming. I don’t understand why a wiki or an ISO standard
would be more accessible to these developers, who write the
majority of all code.


Thanks Tom.

Posted by arthur on July 30, 2006 at 10:45 AM in Security, information security.

Comments

Shoot. My coding standard, at http://homeport.org/~adam/review.html, is all anyone ever needs, and it's cheaper and better written than an ISO standard.

Posted by: adam | July 30, 2006 6:11 PM


The people who will read the standard probably don't need to, and those that need to will never hear about it, or care to read about it, unless managers and/or senior developers make it mandatory reading for new developers on their team.

Posted by: Jason | July 31, 2006 4:03 PM