hi sc-l,
Whenever a computer security disaster story breaks (pretty much the only kind
of coverage cyber security can expect in the major press) we have an
opportunity (while people are paying attention) to talk about how to avoid
future disasters. If we're lucky, we can leverage the NASCAR effect
http://www.darkreading.com/security/application-security/208803559/if-you-build-it-they-ll-crash-it.html
to discuss software security.
In my view, the only way we can get in front of modern malware is by building
security in. I wrote about that for SearchSecurity in May: "Eliminating badware
addresses malware problem"
http://searchsecurity.techtarget.com/opinion/Gary-McGraw-Eliminating-badware-addresses-malware-problem
(May 2012).
Some of the Flame dustup in the press this week riffed on that idea and even
mentioned the BSIMM (in the WSJ CIO Journal):
http://blogs.wsj.com/cio/2012/05/29/cios-should-see-flame-as-a-call-to-arms/?KEYWORDS=hickins
Also check out a related radio segment from Marketplace (aired on NPR):
http://www.marketplace.org/topics/tech/flame-malware-burns-through-cyberspace
It actually works to use the NASCAR effect to get our message out!
gem
company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___