Re: secure software engineering methodology

From: Bill Weiss (houdini_at_nmt.edu)
Date: 03/23/04

  • Next message: Mads Rasmussen: "Re: secure software engineering methodology"
    Date: Mon, 22 Mar 2004 18:24:52 -0700
    To: secprog@securityfocus.com
    
    

    Mads Rasmussen(mads@opencs.com.br)@Mon, Mar 22, 2004 at 10:42:49AM -0300:
    >
    > Do any of you have any experience with methodologies for software
    > engineering of secure software?

    I have some experience with the Cleanroom method, using the book "Toward
    zero-defect programming" by Allan Stavely.

    It has shown to be a reliable method for producing error free code. It is
    not a method of developing any faster, you simply shift debugging time
    (some of it after the software ships) to design time.

    There is a decent review of the book at this site, which was written by
    the teacher of the Cleanroom class I took:
    http://www.nmt.edu/~shipman/reading/stavely.html

    -- 
    Bill Weiss
     
    The reason the Poisson disk method of supersampling with jitter works is
    monkeys. 
            -- Prof. John C. Hart, CS319 (Graphics II)
                    University of Illinois, Champaign-Urbana, IL
    

  • Next message: Mads Rasmussen: "Re: secure software engineering methodology"