Dear all,
Two examples come to my mind when I think about classic examples of
secure software development: OpenSSH and Qmail. Both
a) were designed with security in mind
b) were heavily audited (--> open source)
c) are widely used in security sensitive environments for long times (> 10 years)
d) had relatively few known security bugs despite b), and c).
My question is:
Are there any web applications that can be seen as a classic example of
secure software development on the web (similar to OpenSSH and Qmail
in the network service area)?
Thanks,
Sebastian
Sebastian Schinzel
Universität Erlangen-Nürnberg
Lehrstuhl für Informatik 1
IT-Sicherheitsinfrastrukturen
Web: http://www1.cs.fau.de/
Twitter: http://twitter.com/seecurity
On Tue, May 15, 2012 at 6:50 AM, Sebastian Schinzel ssc@seecurity.org wrote:
Dear all,
Two examples come to my mind when I think about classic examples of
secure software development: OpenSSH and Qmail. Both
a) were designed with security in mind
b) were heavily audited (--> open source)
c) are widely used in security sensitive environments for long times (> 10 years)
d) had relatively few known security bugs despite b), and c).
My question is:
Are there any web applications that can be seen as a classic example of
secure software development on the web (similar to OpenSSH and Qmail
in the network service area)?
I'm a fan of Plone: http://plone.org/products/plone/security/overview
--
Nick Owen
WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication