In my opinion, the most interesting thing about Stuxnet was the payload.
See:
How to p0wn a Control System with Stuxnet
<http://www.informit.com/articles/article.aspx?p=1636983> (September 23,
2010)

You might also listen to Langner on Silver Bullet (the longest episode
ever, but a good one):
http://www.cigital.com/silverbullet/show-059/

gem


On 4/1/11 9:16 AM, "Ben Laurie" <b...@google.com> wrote:

>On 31 March 2011 13:03, Gary McGraw <g...@cigital.com> wrote:
>> hi sc-l,
>>
>> Yesterday, Microsoft released an SDL report card of sorts called "The
>>SDL Progress Report."  It covers the history of the SDL from 2004-2010.
>>You should read it.
>>
>> 
>>http://www.microsoft.com/downloads/en/details.aspx?FamilyID=918179a7-61c9-487a-a2e2-8da73fb9eade
>>
>> For some reason the tech press is mostly discussing DEP and ASLR
>>adoption (covered on pages 18 and 19).  Though I guess that is the
>>"news" hook the PR flacks are hyping, I think there are many other parts
>>of the report that have plenty to teach about how a software security
>>initiative evolves.  (WRT the two anti-exploit tactics, see an article I
>>co-authored with Ivan Arce from Core, "Assume Nothing: Is Microsoft
>>Forgetting a Crucial Security
>>Lesson?" <http://www.informit.com/articles/article.aspx?p=1588145> (April
>>30, 2010).)
>>
>> Microsoft has made huge strides since the days of CodeRed, NIMDA and
>>Slammer.
>
>Stuxnet?
>
>>  The best part of what they're doing is being very open about the
>>progress they are making and the approach that seems to be working for
>>them.  I, for one, would love to see other reports like this issued by
>>software vendors.
>>
>> gem
>>
>> company www.cigital.com
>> podcast www.cigital.com/silverbullet
>> blog www.cigital.com/justiceleague
>> book www.swsec.com
>>
>> _______________________________________________
>> Secure Coding mailing list (SC-L) SC-L@securecoding.org
>> List information, subscriptions, etc -
>>http://krvw.com/mailman/listinfo/sc-l
>> List charter available at - http://www.securecoding.org/list/charter.php
>> SC-L is hosted and moderated by KRvW Associates, LLC
>>(http://www.KRvW.com)
>> as a free, non-commercial service to the software security community.
>> Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
>> _______________________________________________
>>

