The one point that's missing from the article is to remind people: What the 
heck do you think firewalls are made of? Software! So unless a software 
manufacturer has got "software security religion", their product is just as 
likely to be "broken" inside than the things it allegedly protects. 

===
Karen Mercedes Goertzel, CISSP
Lead Associate
Booz Allen Hamilton
703.698.7454
goertzel_ka...@bah.com

"I love humans. Always seeing patterns in things that aren't there."
- The Doctor

________________________________________
From: SC-L [sc-l-boun...@securecoding.org] on behalf of Gary McGraw 
[g...@cigital.com]
Sent: 31 March 2014 18:40
To: Secure Code Mailing List
Subject: [External]  [SC-L] Firewalls, Fairy Dust, and Forensics

hi sc-l,

Ever get discouraged that we have not been making enough progress in software 
security?  Well, we have been making plenty of progress and our field is 
growing fast!   This peppy little article (co-authored with Sammy Migues) 
explains why firewalls, fairy dust, and forensics are not working out for 
computer security.

Oh, and software security is growing at 20% CAGR and now accounts for 10% of 
the computer security market (which is itself growing at 8.9%).  We are in the 
right field, and the this mailing list is a major help.

Please read this: 
http://searchsecurity.techtarget.com/opinion/McGraw-Firewalls-fairy-dust-and-forensics-Try-software-security
  Then have your SSG members read it.  You do have an SSG, right?

Feel free to post links to twitter, facebook, linkedin, and send it around (by 
pointer).  I would really appreciate that.

Thanks!

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

Reply via email to