Re: [SC-L] Darkreading: compliance

2007-04-04 Thread Gary McGraw
Hi all, Another big momentum machine for software security (and data security) is PCI compliance. There is a challenge, though, and that is figuring out where the credit card data that you want to protect are. We've found in our practice at Cigital that the data are literally scattered all

[SC-L] Foundations of Security: What Every Programmer Needs to Know

2007-04-04 Thread McGovern, James F (HTSC, IT)
http://www.bookpool.com/sm/1590597842 Any thoughts positive and negative on this book?

Re: [SC-L] Darkreading: compliance

2007-04-04 Thread McGovern, James F (HTSC, IT)
Gary, may I suggest an alternative response to application firewalls and the notion that it is hare-brained? Of course this is true but this list is missing a major opportunity to finally calculate an ROI model. If you ask yourself, what types of firewalls are pervasively deployed, you would

Re: [SC-L] Foundations of Security: What Every Programmer Needs to Know

2007-04-04 Thread Gary McGraw
It was written by a PhD from Stanford who worked with Dan Boneh. He now works for Google. The book has lots of hands-on examples, which makes it powerful. I think it's worth buying and reading. I have a copy on my desk now. gem company www.cigital.com podcast www.cigital.com/silverbullet

Re: [SC-L] Darkreading: compliance

2007-04-04 Thread J. M. Seitz
For many shops, having another type of firewall could cost millions whereas putting tools in the hands of developers may actually be cheaper. We as a community may be better served by encouraging application firewalls and letting the financial model for complying work in our favor... I

[SC-L] FW: Need Sec Forum speakers-let us know by Wed. if interested

2007-04-04 Thread McGovern, James F (HTSC, IT)
A while back, I mentioned the Technology forum in NYC and they are seeking speakers. Of course there are some constraints on who may sign up. A sponsor may serve on a panel but otherwise, the speakers need to be from end-customer enterprises and not from software vendors or consulting firms. If

Re: [SC-L] Darkreading: compliance

2007-04-04 Thread Dinis Cruz
On 4/4/07, J. M. Seitz [EMAIL PROTECTED] wrote: From secure coding practice in development, proper QA cycle and regression testing, deployment security touchpoints, and finally adding the extra layer on the top is putting application layer firewalls in place, which if we ever have a 0-day style

Re: [SC-L] Darkreading: compliance

2007-04-04 Thread bugtraq
Gary, may I suggest an alternative response to application firewalls and the notion that it is hare-brained? Of course this is true but this list is missing a major opportunity to finally calculate an ROI model. If you ask yourself, what types of firewalls are pervasively deployed, you