security - What are the common compliance standards for software products?


This is a generic question about software products. I would like to know the compliance standards applicable to a software product.

I know the question gives away nothing. So, here is an example of what I am referring to. The cisecurity security certification/compliance lists out products certified by them as compliant with the standards published at their website, i.e., cisecurity.org. Compliance can be as simple as answering a questionnaire about the product, approved by a third party like cisecurity, or it can apply to a whole organization, for instance, PCI-DSS compliance.

I am interested in knowing the standards that products are known/designed/created to comply with. To give context behind the question: I am the developer of a data-masking tool. The said tool helps mask onscreen HTML text in a banking web application using filters. So, for instance, if a bank application lists out user information like an SSN, my product, when integrated with the banking product, automatically identifies the SSN pattern and masks it to a pre-defined format. So, I have the product marketing team wanting more buzzwords like compliance to be able to sell to more banking clients. Hence, understanding "compliances that apply to products" is a key research item for me at this point. I meant security compliances.

I would appreciate any suggestions.

I don't believe there is a specific governing body that dictates specifications for this type of software. Individual countries have their own privacy laws, and even individual states have their own laws, California being the toughest.

It sounds like your software is being distributed. When someone reports a vulnerability in your software (yes, this is going to happen eventually), if the bug is filed by a professional they will have used MITRE's CWE number as a reference (Bugtraq nightmare!). Few people realize there are actually hundreds of different types of vulnerabilities, and all software is vulnerable to something, even if only on a technicality. If you think your software is 100% secure, you are a fool or have been fooled by a salesman.

I believe the CWE-200 family is important to you. An important member of this family is CWE-213, which directly references an example of the vulnerability you are attempting to patch. CWE-549 is similar to what you are trying to defend against. An important part is to check out a CWE's relationships, because there are a number of related vulnerabilities that apply to you. For instance, CWE-549 is an issue related to credential management.

