/enotice/options.php?SN=TomhaveLN=CHAPTER and be
certain to include your IEEE member number.
If you need assistance with your E-Notice subscription, please contact
k.n@ieee.org
IEEE, 445 Hoes Lane, Piscataway, NJ 08854 USA
--
Benjamin
website:
http://www.keepsecurityweird.org/
Please feel free to contact me directly (off-list) if you have questions
or are interested in helping out!
Thank you,
-ben
--
Benjamin Tomhave, MS, CISSP
tomh...@secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com
/20101201/and-beyond
--
Benjamin Tomhave, MS, CISSP
tomh...@secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
LI: http://www.linkedin.com/in/btomhave
[ Random Quote: ]
Champions aren't made in gyms. Champions are made from something they
have deep
://krebsonsecurity.com/2010/10/java-a-gift-to-exploit-pack-makers/
Announcing Microsoft Security Intelligence Report version 9
http://blogs.technet.com/b/mmpc/archive/2010/10/13/announcing-microsoft-security-intelligence-report-version-9.aspx
cheers,
-ben
--
Benjamin Tomhave, MS, CISSP
tomh
-automated-web.html
--
Benjamin Tomhave, MS, CISSP
tomh...@secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
LI: http://www.linkedin.com/in/btomhave
[ Random Quote: ]
Do you think that when they asked George Washington for ID that he just
whipped
to how it
works, but we believe that listening to the underground can help prepare
you and help identify what the next big thing might be.
Thank you,
-ben
--
Benjamin Tomhave, MS, CISSP
tomh...@secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
LI
/charter.php SC-L is hosted and
moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free,
non-commercial service to the software security community.
___
--
Benjamin Tomhave, MS, CISSP
tomh...@secureconsulting.net
Blog: http
/
On 2/22/10 11:22 AM, Wall, Kevin wrote:
Benjamin Tomhave wrote:
... we're looking for hard research or
numbers that covers the cost to catch bugs in code pre-launch and
post-launch. The notion being that the organization saves itself money
if it does a reasonable amount of QA (and security
a reasonable amount of QA (and security testing) up front vs
trying to chase things down after they've been identified (and possibly
exploited).
Any help?
Thank you,
-ben
--
Benjamin Tomhave, MS, CISSP
tomh...@secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http
://www.KRvW.com)
as a free, non-commercial service to the software security community.
___
--
Benjamin Tomhave, MS, CISSP
tomh...@secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
LI: http://www.linkedin.com
, non-commercial service to the software security community.
___
--
Benjamin Tomhave, MS, CISSP
tomh...@secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
LI: http://www.linkedin.com/in/btomhave
that they should
be doing independently, it has a negative side effect on our economy by
causing folks to spend money in non-strategic ways.
-Original Message-
From: sc-l-boun...@securecoding.org
[mailto:sc-l-boun...@securecoding.org] On Behalf Of Benjamin Tomhave
Sent: Tuesday, February 02
charter available at
- http://www.securecoding.org/list/charter.php SC-L is hosted and
moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free,
non-commercial service to the software security community.
___
--
Benjamin Tomhave, MS, CISSP
NYSE has come out with findings on a Credit Suisse initiated DOS
issue... something so small, yet so fundamentally flawed...
http://arstechnica.com/business/news/2010/01/how-a-stray-mouse-click-choked-the-nyse-cost-a-bank-150k.ars
--
Benjamin Tomhave, MS, CISSP
tomh...@secureconsulting.net
Blog
.
___
--
Benjamin Tomhave, MS, CISSP
tomh...@secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
LI: http://www.linkedin.com/in/btomhave
[ Random Quote: ]
I have no special talent. I am only passionately curious
realistic to think that this
approach can be easily replicated? (somewhat ties back into
mandate/support, I suppose)
Thank you,
-ben
--
Benjamin Tomhave, MS, CISSP
tomh...@secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
LI: http://www.linkedin.com
, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___
--
Benjamin Tomhave, MS, CISSP
tomh...@secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
LI: http
Of interest, I hope...
http://www.secureconsulting.net/2010/01/the_three_domains_of_applicati.html
--
Benjamin Tomhave, MS, CISSP
tomh...@secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
LI: http://www.linkedin.com/in/btomhave
[ Random Quote
://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___
--
Benjamin Tomhave, MS, CISSP
tomh...@secureconsulting.net
information, discuss further, etc.
Thank you!
-ben
--
Benjamin Tomhave, MS, CISSP
tomh...@secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
LI: http://www.linkedin.com/in/btomhave
[ Random Quote: ]
It's not whether you get knocked down, it's
.
___
--
Benjamin Tomhave, MS, CISSP
fal...@secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
Photos: http://photos.secureconsulting.net/
Web: http://falcon.secureconsulting.net/
LI: http://www.linkedin.com/in/btomhave
[ Random Quote
--
Benjamin Tomhave, MS, CISSP
fal...@secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
Photos: http://photos.secureconsulting.net/
Web: http://falcon.secureconsulting.net/
LI: http://www.linkedin.com/in/btomhave
[ Random Quote: ]
Practice does not make
service to the software security community.
___
--
Benjamin Tomhave, MS, CISSP
fal...@secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
Photos: http://photos.secureconsulting.net/
Web: http
experience, and have been doing this work for nigh on 15 years. Full
resume is available here:
http://falcon.secureconsulting.net/resume/Ben_Tomhave.pdf
Thank you, and again apologies for interloping here,
-ben
--
Benjamin Tomhave, MS, CISSP
fal...@secureconsulting.net
Blog: http
, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___
--
Benjamin Tomhave, MS, CISSP
fal...@secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
Photos
it quickly.
Getting it and applying it IRL are of course two completely different
things. I still find it somewhat absurd that we even need to have this
discussion still after how many decades of curriculum development? :)
-ben
--
Benjamin Tomhave, MS, CISSP
fal...@secureconsulting.net
Blog: http
Associate 703.698.7454
goertzel_ka...@bah.com From:
Andy Steingruebl [stein...@gmail.com] Sent: Tuesday, August 25, 2009
1:14 PM To: Goertzel, Karen [USA] Cc: Benjamin Tomhave;
sc-l@securecoding.org Subject: Re: [SC-L] Where Does Secure Coding
Belong
to a
writing clinic for English and law schools -- that would reinforce it
not just for the students, but for the clinic staff as well.
This sounds like an excellent extension for OWASP. :)
-ben
--
Benjamin Tomhave, MS, CISSP
fal...@secureconsulting.net
Blog: http://www.secureconsulting.net
available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___
--
Benjamin Tomhave, MS, CISSP
fal
passwords would not be a bug or a violation of any sort
(except a violation of common sense). It would still, however, result
in poor security.
-- Karen Mercedes Goertzel, CISSP Booz Allen Hamilton 703.698.7454
goertzel_ka...@bah.com
-Original Message- From: Benjamin Tomhave
Goertzel, CISSP
Booz Allen Hamilton
703.698.7454
goertzel_ka...@bah.com
-Original Message-
From: sc-l-boun...@securecoding.org on behalf of Benjamin Tomhave
Sent: Thu 19-Mar-09 19:28
To: Secure Code Mailing List
Subject: Re: [SC-L] BSIMM: Confessions of a Software Security
-commercial service to the software security community.
___
--
Benjamin Tomhave, MS, CISSP
fal...@secureconsulting.net
LI: http://www.linkedin.com/in/btomhave
Blog: http://www.secureconsulting.net/
Photos: http://photos.secureconsulting.net/
Web: http
://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC
(http://www.KRvW.com) as a free, non-commercial service to the
software security community.
___
--
Benjamin Tomhave, MS, CISSP
fal...@secureconsulting.net
LI: http
message. It worked
for me. Try this?
http://www.downforeveryoneorjustme.com/bsi-mm.com
Brian
On 3/11/09 10:48 AM, Benjamin Tomhave list-s...@secureconsulting.net
wrote:
I think it's an interesting leap of faith. Statistically speaking, 9 is
a very small sample size. Thus
An interesting read. Not much to really argue with, I don't think.
http://www.veracode.com/blog/2008/11/we%e2%80%99ve-reached-the-application-security-tipping-point/
--
Benjamin Tomhave, MS, CISSP
[EMAIL PROTECTED]
LI: http://www.linkedin.com/in/btomhave
Blog: http://www.secureconsulting.net
Has anybody had opportunity to look at this tool for PHP source code
analysis? Just wondering about the relative merits vs other tools
already available.
http://www.0x00.com/?i=530
--
Benjamin Tomhave, MS, CISSP
[EMAIL PROTECTED]
LI: http://www.linkedin.com/in/btomhave
Blog: http
for a catalyst to spur the mutation so that it can
have a life of its own. :)
fwiw.
-ben
--
Benjamin Tomhave, MS, CISSP
[EMAIL PROTECTED]
LI: http://www.linkedin.com/in/btomhave
Blog: http://www.secureconsulting.net/
Photos: http://photos.secureconsulting.net/
Web: http://falcon.secureconsulting.net
too idealist. I'm curious what everyone else thinks.
cheers,
-ben
--
Benjamin Tomhave, MS, CISSP
[EMAIL PROTECTED]
LI: http://www.linkedin.com/in/btomhave
Blog: http://www.secureconsulting.net/
Photos: http://photos.secureconsulting.net/
Web: http://falcon.secureconsulting.net/
In answer
--
Benjamin Tomhave, MS, CISSP
[EMAIL PROTECTED]
LI: http://www.linkedin.com/in/btomhave
Blog: http://www.secureconsulting.net/
Photos: http://photos.secureconsulting.net/
Web: http://falcon.secureconsulting.net/
In answer to the question of why it happened, I offer the modest proposal
that our
outmoded technologies, but that we need to be cognizant of the
limited thought context and provide adequate explanation that is
_understood_ when challenging what is happening and providing
alternatives.
cheers,
-ben
--
Benjamin Tomhave, MS, CISSP
[EMAIL PROTECTED]
Web: http
should be refined to be business-oriented, extolling the
business risks associated with ignoring these practices and providing a
big arrow pointing in the direct of orgs like OWASP.
fwiw.
-ben
--
Benjamin Tomhave, MS, CISSP
[EMAIL PROTECTED]
Web: http://falcon.secureconsulting.net/
LI: http
Forwarding with permission... please send feedback directly to Anurag as
he is not currently a member of this list.
-ben
--
[ Random Quote: ]
Cyberspace. A consensual hallucination experienced daily by billions of
legitimate operators, in every nation, by children being taught
mathematical
Daniel J Bernstein, author of the qmail MTA, has written an interesting,
short paper on qmail security and the secure coding practices that went
into it. I imagine folks here will find it of interest, too.
http://cr.yp.to/qmail/qmailsec-20071101.pdf
--
Benjamin Tomhave, MS, CISSP
[EMAIL
-of-software-development/
Understanding Engineers: Feasibility
http://fishbowl.pastiche.org/2007/07/17/understanding_engineers_feasibility
cheers,
-ben
--
Benjamin Tomhave, MS, CISSP
[EMAIL PROTECTED]
Web: http://falcon.secureconsulting.net/
LI: http://www.linkedin.com/in/btomhave
Blog: http
to Donal Knuth speak, you might start tending to agree with
the argument. What do you think?
http://www.itwire.com.au/content/view/13339/53/
---
Benjamin Tomhave, MS, CISSP, NSA-IAM, NSA-IEM
[EMAIL PROTECTED]
Web: http://falcon.secureconsulting.net/
LI: http://www.linkedin.com/in/btomhave
Blog
technologies change.
fwiw.
-ben
---
Benjamin Tomhave, MS, CISSP, NSA-IAM, NSA-IEM
[EMAIL PROTECTED]
Web: http://falcon.secureconsulting.net/
LI: http://www.linkedin.com/in/btomhave
Blog: http://www.secureconsulting.net/
Photos: http://photos.secureconsulting.net/
We must scrupulously guard the civil
within the infosec genre.
fwiw tgif.
cheers,
-ben
--
Benjamin Tomhave, MS, CISSP, NSA-IAM, NSA-IEM
[EMAIL PROTECTED]
Web: http://falcon.secureconsulting.net/
LI: http://www.linkedin.com/profile?viewProfile=key=1539292
Blog: http://www.secureconsulting.net/
Photos: http
that resulted in their classification.
Or something like that...
cheers,
-ben
---
Benjamin Tomhave, CISSP, NSA-IAM, NSA-IEM
[EMAIL PROTECTED]
Web: http://falcon.secureconsulting.net/
LI: http://www.linkedin.com/profile?viewProfile=
http://www.linkedin.com/profile?viewProfile=key=1539292 key=1539292
Blog
. We need keep in mind the need to balance civil liberties against
universal trackability. Why does privacy need to be an illusion?
(*Note: A special thanks to my friend Bob Alberti of Sanction, Inc., for
proof-reading and providing input on this posting.)
---
Benjamin Tomhave, CISSP, NSA-IAM, NSA
), sending them to the devies, waiting 10-30 minutes, and
watching the vuln disappear like magic. Am curious how change mgmt works on
that, though... ;)
cheers,
-ben
---
Benjamin Tomhave, CISSP, NSA-IAM, NSA-IEM
[EMAIL PROTECTED]
Web: http://falcon.secureconsulting.net/
LI: http://www.linkedin.com/pub
50 matches
Mail list logo
