subject:"Re\: \[SC\-L\] \[External\] Firewalls, Fairy Dust, and Forensics"

Re: [SC-L] [External] Firewalls, Fairy Dust, and Forensics

2014-04-04 Thread Goertzel, Karen [USA]

The one point that's missing from the article is to remind people: What the 
heck do you think firewalls are made of? Software! So unless a software 
manufacturer has got software security religion, their product is just as 
likely to be broken inside than the things it allegedly protects. 

===
Karen Mercedes Goertzel, CISSP
Lead Associate
Booz Allen Hamilton
703.698.7454
goertzel_ka...@bah.com

I love humans. Always seeing patterns in things that aren't there.
- The Doctor


From: SC-L [sc-l-boun...@securecoding.org] on behalf of Gary McGraw 
[g...@cigital.com]
Sent: 31 March 2014 18:40
To: Secure Code Mailing List
Subject: [External]  [SC-L] Firewalls, Fairy Dust, and Forensics

hi sc-l,

Ever get discouraged that we have not been making enough progress in software 
security?  Well, we have been making plenty of progress and our field is 
growing fast!   This peppy little article (co-authored with Sammy Migues) 
explains why firewalls, fairy dust, and forensics are not working out for 
computer security.

Oh, and software security is growing at 20% CAGR and now accounts for 10% of 
the computer security market (which is itself growing at 8.9%).  We are in the 
right field, and the this mailing list is a major help.

Please read this: 
http://searchsecurity.techtarget.com/opinion/McGraw-Firewalls-fairy-dust-and-forensics-Try-software-security
  Then have your SSG members read it.  You do have an SSG, right?

Feel free to post links to twitter, facebook, linkedin, and send it around (by 
pointer).  I would really appreciate that.

Thanks!

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
___

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
___

Re: [SC-L] [External] Firewalls, Fairy Dust, and Forensics

2014-04-04 Thread Gary McGraw

hi karen,

Good point, and one that I usually make!  I agree.

gem

On 4/1/14, 9:16 AM, Goertzel, Karen [USA] goertzel_ka...@bah.com wrote:

The one point that's missing from the article is to remind people: What
the heck do you think firewalls are made of? Software! So unless a
software manufacturer has got software security religion, their product
is just as likely to be broken inside than the things it allegedly
protects. 

===
Karen Mercedes Goertzel, CISSP
Lead Associate
Booz Allen Hamilton
703.698.7454
goertzel_ka...@bah.com

I love humans. Always seeing patterns in things that aren't there.
- The Doctor


From: SC-L [sc-l-boun...@securecoding.org] on behalf of Gary McGraw
[g...@cigital.com]
Sent: 31 March 2014 18:40
To: Secure Code Mailing List
Subject: [External]  [SC-L] Firewalls, Fairy Dust, and Forensics

hi sc-l,

Ever get discouraged that we have not been making enough progress in
software security?  Well, we have been making plenty of progress and our
field is growing fast!   This peppy little article (co-authored with
Sammy Migues) explains why firewalls, fairy dust, and forensics are not
working out for computer security.

Oh, and software security is growing at 20% CAGR and now accounts for 10%
of the computer security market (which is itself growing at 8.9%).  We
are in the right field, and the this mailing list is a major help.

Please read this: 
http://searchsecurity.techtarget.com/opinion/McGraw-Firewalls-fairy-dust-a
nd-forensics-Try-software-security  Then have your SSG members read it.
You do have an SSG, right?

Feel free to post links to twitter, facebook, linkedin, and send it
around (by pointer).  I would really appreciate that.

Thanks!

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc -
http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
___


___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
___

Re: [SC-L] [External] Firewalls, Fairy Dust, and Forensics

Re: [SC-L] [External] Firewalls, Fairy Dust, and Forensics

2 matches

Site Navigation

Mail list logo

Footer information