OpenID Security

Nat Sakimura sakimura at gmail.com
Thu Feb 5 16:34:33 UTC 2009


Yeah. Fortify is nice. I do not know what would be the licensing terms
now, but before, it used to have a "traveling" kind of license that
allowed consultants to do the evaluation for the projects of their
customers. It might be worthwhile for somebody like OIDF to buy a
license and run a certification program out of it. Of course, having
a secure profile, which we do not have yet, is a prerequisite though.

=nat

On Wed, Feb 4, 2009 at 11:48 PM, McGovern, James F (HTSC, IT)
<James.McGovern at thehartford.com> wrote:
>  OpenID certainly has security features but are all the libraries out
> there written to secure coding practices? Wouldn't it be great if all
> the library creators could have their code reviewed for security
> defects? Check out http://owasp.fortify.com/
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>



-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/


