Hi Gary,

I think you were on the right path describing software security and
illustrating the difference between software security and web app
security (even though I don't think it was intentional) when you
talked about Pervasive Computing in a BankInfoSecurity podcast
(starting at 5 min 10 sec). It should have been obvious to me before,
but from that I also picked up on the distinction between applications
that need to connect vs. web apps that connect between the client and
the application itself.

For those interested, the podcast is here:
http://www.bankinfosecurity.com/podcasts.php?podcastID=6 (registration
required)

Stephen

On Sat, Nov 15, 2008 at 12:24 AM, Gary McGraw <[EMAIL PROTECTED]> wrote:
> hi sc-l,
>
> Episode 32 of the Silver Bullet Security Podcast went live last night.  This 
> episode features a chat with Web security guru Jeremiah Grossman.  Among 
> other things, we talk about the relationship between Web app security and 
> software security:
> http://www.cigital.com/silverbullet/
>
> Jeremiah and I cross paths out there on the evangelism circuit pretty often 
> and it was nice to catch up with him.
>
> Near the end of our conversation, we raised the idea of whether all Web 
> security problems have analogs in the software security space and what that 
> might mean.  After thinking more about that issue, I made it the subject of 
> this month's informIT column:
> http://www.informit.com/articles/article.aspx?p=1309290
>
> Please let me know what you think about the role that Web application 
> security plays in software security today (and whether you think we focus the 
> right amount of attention, too much, or too little).
>
> gem
>
> company www.cigital.com
> podcast www.cigital.com/silverbullet
> blog www.cigital.com/justiceleague
> book www.swsec.com
>
>
>
>
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L@securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> _______________________________________________
>