websecurity@lists.webappsec.org

The Web Security Mailing List

Classic examples for secure webapps

Sebastian Schinzel
Tue, May 15, 2012 10:50 AM

Dear all,

Two examples come to my mind when I think about classic examples of
secure software development: OpenSSH and Qmail. Both

a) were designed with security in mind
b) were heavily audited (--> open source)
c) are widely used in security sensitive environments for long times (> 10 years)
d) had relatively few known security bugs despite b), and c).

My question is:
Are there any web applications that can be seen as a classic example of
secure software development on the web (similar to OpenSSH and Qmail
in the network service area)?

Thanks,
Sebastian


Sebastian Schinzel

Universität Erlangen-Nürnberg
Lehrstuhl für Informatik 1
IT-Sicherheitsinfrastrukturen

Web: http://www1.cs.fau.de/
Twitter: http://twitter.com/seecurity

Nick Owen
Tue, May 15, 2012 4:13 PM

On Tue, May 15, 2012 at 6:50 AM, Sebastian Schinzel <ssc@seecurity.org> wrote:
> Dear all,
>
> Two examples come to my mind when I think about classic examples of
> secure software development: OpenSSH and Qmail. Both
>
> a) were designed with security in mind
> b) were heavily audited (--> open source)
> c) are widely used in security sensitive environments for long times (> 10 years)
> d) had relatively few known security bugs despite b), and c).
>
> My question is:
> Are there any web applications that can be seen as a classic example of
> secure software development on the web (similar to OpenSSH and Qmail
> in the network service area)?

I'm a fan of Plone:  http://plone.org/products/plone/security/overview

--
Nick Owen
WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
