Hi all, If the WMF vulnerability teaches us anything, it teaches us that we need to pay more attention to flaws. We spend lots of time talking about bugs in software security (witness the perpetual flogging of the buffer overflow), but architectural problems are just as important and deserve just as much airplay.
My IT Architect column slated to appear in March makes this point a bit more forcefully: http://www.cigital.com/papers/download/3sec.ita.pdf BTW, the final countdown for the release of my new book "Software Security" has begun (I have yet to see an actual copy). I'll keep you posted. gem p.s. Hope to see many of you in person at the Software Security Summit in La Jolla next week. ---------------------------------------------------------------------------- This electronic message transmission contains information that may be confidential or privileged. The information contained herein is intended solely for the recipient and use by any other party is not authorized. If you are not the intended recipient (or otherwise authorized to receive this message by the intended recipient), any disclosure, copying, distribution or use of the contents of the information is prohibited. If you have received this electronic message transmission in error, please contact the sender by reply email and delete all copies of this message. Cigital, Inc. accepts no responsibility for any loss or damage resulting directly or indirectly from the use of this email or its contents. Thank You. ---------------------------------------------------------------------------- _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php
