approach on this issue. We'd want to
know a lot more about how the economics work out on a small scale
before applying it to all software.
--
Andy Steingruebl
[EMAIL PROTECTED]
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information
On Nov 29, 2007 6:07 PM, Blue Boar [EMAIL PROTECTED] wrote:
Andy Steingruebl wrote:
I like contractual approaches to this problem myself. People buying
large quantities of software (large enterprises, governments) should
get contracts with vendors that specify money-back for each patch
to the development conference organizer?
for our evangelizing...
Thoughts?
with
developers, it's whether it's going to fly with the public at large.
Are people (and their proxies - Governments) going to finally demand a
change in the rules/game?
controls.
These pollution controls often inhibit your max speed, acceleration,
etc. They are really hard to, or impossible to disable. They also
make our environment cleaner.
Which is the right analogy for the personal computer?
On Tue, Nov 25, 2008 at 9:48 AM, Gunnar Peterson [EMAIL PROTECTED] wrote:
but actually the main point of my post and the one i would like to
hear people's thoughts on - is to say that attempting to apply
principle of least privilege in the real world often leads to drilling
dry wells. i am
in the same way that if you
have mostly junior programmers who are lucky to get their code to compile
you're probably not going to have a lot of luck training them on formal
proofs, rigorous design, etc.
QA cycle.
problem here isn't just type safety.
Just like in the HTML example. The core problem is that the language/format
mixes code and data with no way to differentiate between them.
Or is my brain working too slowly today?
class objects and I think
you'll see what I mean. http://en.wikipedia.org/wiki/Lambda_calculus
gem
(supposedly still on vacation, but it is a rainy day)
http://www.cigital.com/~gem
On 3/24/09 2:50 PM, Andy Steingruebl stein...@gmail.com wrote:
On Mon, Mar 23
On Wed, Mar 25, 2009 at 10:18 AM, ljknews ljkn...@mac.com wrote:
Worry about enforcement by the hardware architecture after
you have squeezed out all errors that can be addressed by
software techniques.
Larry,
Given the focus we've seen from Microsoft and protecting developers from
On Wed, Aug 19, 2009 at 2:15 PM, Neil Matatall nmata...@uci.edu wrote:
Inspired by the What is the size of this list? discussion, I decided I
won't be a lurker :)
A question prompted by
http://michael-coates.blogspot.com/2009/04/universities-web-app-security.html
and the OWASP podcast
. And, even learning the basics
of what an algorithm is is tricky, much less learning defensive
programming, etc.
So, yes, it is an advanced concept for the majority of beginning programmers.
Is the complexity and expression of it really the key piece here? Or
is it general resilience against failure, complexity spread out so
that the common enemies (transcription errors in one place) aren't
fatal. The system is designed against different threat models.
a checklist to examine their code, and others not. Might be
interesting to see exactly what types of checklist items really result
in a reduction in bugs...
On Tue, Mar 22, 2011 at 8:41 AM, Gary McGraw g...@cigital.com wrote:
hi sc-l,
The tie between malware (think zeus and stuxnet) and broken software of the
sort we work hard on fixing is difficult for some parts of the market to
fathom. I think it's simple: software riddled with bugs and
On Wed, Mar 23, 2011 at 8:14 AM, Gary McGraw g...@cigital.com wrote:
I agree that clueless users who click on whatever pops up lead to many
infections even when software is in reasonable shape, but I don't see that
as a reason not to build better software. Presumably, you guys at paypal