Shostack + Friends Blog

SDL Article in CACM

Most of my time, I'm helping organizations develop the skills and discipline to build security in. We give the best advice available, and I recognize that we're early in developing the science around how to build an SDL that works.

That's why I spend time working with academics who can objectively study what we're working on. Mary Ellen Zurko and I have a short article on the subject in the May Communications of the ACM: "Secure Development Tools and Techniques Need More Research That Will Increase Their Impact and Effectiveness in Practice."