in the Dallas area now, but open to moving for the right opportunity.
Please contact me off the list with any information. :)
I can summarize the PhD findings if anyone is interested.
Brad Andrews
andr...@rbacomm.com
CISM, CSSLP, GSEC, GCIH, GCIA, GCFW
can have perfectly secure code is to not allow someone to
use it. The same is true of bug free code, but that is another
argument. :)
Isn't this kind of like wanting the evil bit to be set in all
malicious packets? Great idea, but not achievable.
--
Brad Andrews
RBA Communications
CISM
Andrews
RBA Communications
CISM, CSSLP, SANS/GIAC GSEC, GCFW, GCIH, GPCI
Quoting Stephan Neuhaus stephan.neuh...@disi.unitn.it:
On Aug 21, 2009, at 17:51, Brad Andrews wrote:
Has anyone who holds to this taught a beginning level programming class?
I have. I taught a security class to undergrads
.
--
Brad Andrews
RBA Communications
CISM, CSSLP, SANS/GIAC GSEC, GCFW, GCIH, GPCI
Quoting Gary McGraw g...@cigital.com:
Software security is an intensely practical problem that will
require a practical approach. By studying organizations that are
doing a decent job, perhaps we can draw
is a challenge in many companies,
so some could argue my concerns are foolish. I think they are
important because you want to make sure any buy-in you eventually get
expects the right things. If you don't do this, you will end up in an
even worse position down the road.
--
Brad Andrews
RBA
deeper input inspection,
especially in a completely unrelated topic.
I am probably blowing some smoke here and I may disagree with myself
later, but I think this discussion is worth having.
--
Brad Andrews
RBA Communications
CISM, CSSLP, SANS/GIAC GSEC, GCFW, GCIH, GPCI
Quoting Mike Lyman
are also a lot more complicated, making the correct
proof much more difficult.
Can we really believe it is just around the corner to prove this?
--
Brad Andrews
RBA Communications
CISM, CSSLP, SANS/GIAC GSEC, GCFW, GCIH, GPCI
Quoting Cassidy, Colin (GE Infra, Energy) colin.cass...@ge.com
it is also not as conceptually interesting to many.
--
Brad Andrews
RBA Communications
CISM, CSSLP, SANS/GIAC GSEC, GCFW, GCIH, GPCI
Quoting Martin Gilje Jaatun secse-ch...@sislab.no:
His stance on this
is that if security were important to the customer, the customer would
provide and prioritize
are fixing security issues every day. Everyone doesn't share the
vision, unfortunately.
And some of those that see the problem don't have the budget and
executive support to fix the problem
--
Brad Andrews
RBA Communications
CSSLP, SANS/GIAC GSEC, GCFW, GCIH, GPCI
Quoting Andre Gironda
hear :)
--
Brad Andrews
RBA Communications
CSSLP, SANS/GIAC GSEC, GCFW, GCIH, GPCI
Quoting McGovern, James F (HTSC, IT) james.mcgov...@thehartford.com:
Sometimes integration is a good and bad thing.
___
Secure Coding mailing list (SC-L) SC-L
Thanks Karen, that site may have enough of what I can use. Still a
bit of work to do, but worth pursuing. The other sources were a bit
too short on the snippets side, which is my fault for not making the
question better.
I don't know how many of you used to read the C-Lint ads that said
Does anyone know of a source of insecure Java snippets? I would like
to get some for a monthly meeting of leading technical people. My
idea was to have a "find the bug" like the old C-Lint ads.
Does anyone know of a source of something like this?
Brad
Are any of these going to be recorded? That would help those of us
with no travel budget or time. :)
Brad
Quoting Gary McGraw g...@cigital.com:
hi sc-l,
Presumably some of you will be at RSA this year. I'm doing three
panels and a talk (with Brian Chess) on the BSIMM.
Thanks for all the replies. I did want to emphasize that I am
specifically looking for CBT versions of courses, not the
instructor-led variety. Someone asked me about what was available and
I said I would ask around. I have only seen the instructor-led ones
myself.
Thanks for all the