I've not posted in a while because I've not spent the time (my own fault) to put together a good post about any of these items. All the links are worth a look-see, and each is probably worth a post in its own right.
- Brian Chess and Jacob West's new book Secure Programming with Static Analysis has been released. Pick up your copy today. I don't agree with them 100% on some of their philosophies, but the book is going to be worth the read, and will hopefully lend some weight to those who are trying to make static analysis a regular and vital part of their SDLC.
- Christian Matthies has put together a really excellent explanation of DNS pinning, anti-DNS pinning, anti-anti-DNS pinning, and anti-anti-anti-DNS pinning. For those who have been curious but have never read a whole post on the topic (from anti- through anti-anti-anti-), this one is probably worth keeping bookmarked for anybody you're bringing up to speed.
- SANS has finalized round one of their GIAC Secure Software Programmer certification. I was very happy to hear about an exam they were developing with a couple of universities last autumn, and it's now coming to fruition. It's still operated like any other GIAC offering, so there's not yet a corporate installment where you can get all your coders certified at once. But it's certainly worth a look, and they do have sample questions. For you C people, it is specific about the different types of overruns: you need to know all the different ways a buffer overrun happens (off-by-one, fencepost, etc., etc.).