
205 points bsoles | 1 comments
tptacek No.41908836
SWEBOK 4 adds a dedicated section for security, but it's painfully 2012 (testing, for instance, centers on the old industry-driven "SAST" vs. "DAST" distinction). It also promotes stuff like Common Criteria and CVSS. The "domain-specific" security section could have been pulled out of the OWASP wiki from 2012 as well: "cloud", "IOT", "machine learning".
mixmastamyk No.41911429
Believe it is supposed to be slow-moving, keeping to settled matters. Have those fallen out of favor, or shown to be wrong already?
tptacek No.41916609
I would not describe SWEBOK's breakdown of software security as "settled".