Hi sc-l,

This month's installment of my darkreading.com column focuses some much needed 
attention on the bug/flaw distinction that I think we need to pay more 
attention to.

In particular, many of you will recall the discussion of Javascript hijacking 
that Brian Chess posted to this list in March.  I found that work an 
interesting generalization of the Gmail/JSON problem.  However, I think that 
instead of focusing so much attention on the particulars of Javascript 
transport we need to focus on ***trust boundaries***.

Read all about it here: http://www.darkreading.com/document.asp?doc_id=125931

Please crosspost responses here and to the darkreading website.  I am 
interested in your opinion of the current "bug parade" problem we have in 
software security.


company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.

Reply via email to