Don't forget about the millionaire cyber-terrorist, osama:/bin/login. ;-)
--
Dave Aronson - Have Pun, Will Babble | Work: davearonson.com | /\ ASCII
-+ Play: davearonson.net | \/ Ribbon
Specialization is for insects. | Life: dare2xl.com | /\ Campaign
foreseeable types of
attacks, and (for quality) diDTRT(wtmb)itfoafto *errors* (including
those forced by an attack!) and is it maintainable.
-Dave
fine under
Linux (even without SE) or even Windows.
-Dave
a week or
two. I will no longer be in a position related to security, but will
still participate here, and in the broader secure coding community, as
time allows -- and keep trying to spread the gospel. ;-)
Thanks for all your help,
Dave
values of N, no.
-Dave
--
Dave Aronson, software engineer or trainer for hire.
Looking for job (or contract) in Washington DC area.
See http://davearonson.com/ for resume other info.
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List
years or so)
-Dave
or Y.
Sometimes the security tradeoff is worth taking the hard way, but
sometimes the choice is to the point of being at all practical or not.
-Dave, making good progress on the job hunt, thanks in part to people here
--
Dave Aronson, software engineer soon to be for hire.
Looking for job
Thanks,
Dave
--
Dave Aronson: Have Pun, Will Babble | Work: davearonson.com | /\ ASCII
| Play: davearonson.net | \/ Ribbon
Specialization is for insects.| Life: dare2xl.com | /\ Campaign
-Robert A. Heinlein | Wife: nasjleti.net| EmailWeb
I mention PMPs,
CISSPs, MCSEs, MDs, JDs, DDSes, and other assorted CAS -- that's
Certified Alphabet Soup.
-Dave
and
instead focus on enterprise concerns?
Unfortunately, that often means that ANY license at all for it will be
horrendously expensive, so that small shops are totally cut out.
-Dave
--
Dave Aronson
Specialization is for insects. -Heinlein
Work: http://www.davearonson.com/
Play: http
scheme.
Also, just how secure do you need it to be? Don't waste a thousand-dollar lock
on a fifty-dollar bicycle. Is this data actually a tempting target for
attackers who are clueful and resourceful (in both the senses of clever and
able to spend a lot)?
-Dave
- Insurance Technology
- DMReview
- Intelligent Enterprise
- CIO
- Insurance Networking News
I'd also suggest Software Development, and maybe Information Security.
-Dave
[EMAIL PROTECTED] writes:
certifications such as CISSP whereby the exams that
prove you are a security professional talk all about
physical security and network security but really don't
address software development in any meaningful way.
Perhaps what is needed is a separate certification.
engineers), let alone
people in any position of authority to set such policies. :-(
-Dave
important news. Without this little bit of trivia, the sheeple will
just ass-u-me that the demo-giver was, as the PTBs will insinuate, a malefactor
in league with $ENEMY[$YEAR], and deserves to be shipped off to the Git-lag.
-Dave
* people anyway. The avionics, medical, and suchlike fields
are quite another story.
Bill Anderson
Is this perchance the Bill Anderson who was my great grandboss until
he left BAE for Cryptek?
Paolo Perego [mailto:[EMAIL PROTECTED] writes:
Software is like Titanic, people claim it was unsinkable. Securing is
providing it power steering
But power steering wouldn't have saved it. By the time the iceberg was
spotted, there was not enough time to turn that large a boat. Perhaps
mikeiscool [mailto:[EMAIL PROTECTED] writes:
The point remains though: trimming this down into a friendly little
phrase is, IMCO, useless.
One of the common problems in trying to persuade the masses of ANYTHING, be it
the importance of secure software, the factual or moral correctness of
Gary McGraw [mailto:[EMAIL PROTECTED] wrote:
I wrote a book with viega a few years ago called building secure
software...
Yes, John gave us all copies. Didn't bother to get it autographed though. :-)
it was not about that company (at all).
It certainly was not about the horribly broken
Christopher Canova [EMAIL PROTECTED] wrote:
It seems to me that they may be shifting from a
Deploy-first-ask-questions-later tactic to a
Code-it-right-before-its-out-the-door.
They always did code it right before it's out the door. It's just a
question of where you put the comma. ;-
Gizmo [EMAIL PROTECTED] wrote:
the efficacy of the encryption is of some question.
Basically, it keeps honest people honest.
Sounds a little better than I thought, but I'd still be worried about the
owner name leaking into less honest hands.
1) The app is architected around the Btrieve
Gizmo [EMAIL PROTECTED] wrote:
I have a similar situation in one of my applications. The
customer wishes to secure the database. Since we use a Btrieve
database, the only way to do
this is by setting an owner name on the DB, and then
encrypting using the owner name as the password.
Crispin Cowan [EMAIL PROTECTED] wrote:
ISPs could also position a non-restricted account as an expert
account and charge extra for it.
That already happens in many cases, except they call it a business
class account. The only one I've heard called some kind of expert
account is that
Nash [EMAIL PROTECTED] wrote:
_Cuckoo's_Egg_, Clifford Stall.
http://www.amazon.com/exec/obidos/tg/detail/-/0671726889/102-7543362-2026532?v=glance
[Ed. That's Cliff Stoll, not Stall. Great book, though -- IMHO!
KRvW]
For more on what Cliff's been up to lately, see:
Michael S Hines [EMAIL PROTECTED] wrote:
I've been compiling a list of programming languages..
You missed FORTRAN, ICON, REXX, SNOBOL, and the assorted OS-based shell
scripting languages (bash/csh/ksh/etc., VMS DCL, DOS .bat, etc.). I've
heard of JOVIAL, which I *think* is a programming
On Tue April 20 2004 12:34, Michael A. Davis wrote:
It is not the source code that is the
problem -- it is the developer.
The proof of the developer's grokking of secure coding, is in the code.
--
Dave Aronson, Senior Software Engineer, Secure Software Inc.
Email me at: work (D0T) 2004 (@T
, and you've got something.
B-)
--
Dave Aronson, Senior Software Engineer, Secure Software Inc.
Email me at: work (D0T) 2004 (@T) dja (D0T) mailme (D0T) org
(Opinions above NOT those of securesw.com unless so stated!)
WE'RE HIRING developers, auditors, and VP of Prof. Services.