Would love to see Gary address a couple of behaviors I have seen in my travel amongst architect types in corporate America especially the practice of secure application protocol design that isn't so secure. Is anyone writing/blogging deeply on this aspect?
Likewise, there are many folks in corporate America that have not yet acknowledged that they shouldn't be playing part-time cryptographer and don't have the competency to design cryptographic primitives such as hash functions and algorithms to protect data. Does anyone know of any "friendly" articles that speak to this problem space? ************************************************************************* This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. ************************************************************************* _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php