hi sc-l,

I went to Blackhat for the first time ever this year (even though I am basically allergic to Las Vegas), and it got me started thinking about building things properly versus breaking things in our field. Blackhat was mostly about breaking stuff of course. I am not opposed to breaking stuff (see "Exploiting Software" from 2004), but I am worried about an overemphasis on breaking stuff.

After a quick and dirty blog entry on the subject <http://www.cigital.com/justiceleague/2011/08/09/building-versus-breaking-a-white-hat-goes-to-blackhat/>, I sat down and wrote a better article about it:

Software [In]security: Balancing All the Breaking with some Building
http://www.informit.com/articles/article.aspx?p=1750195

I've also had a chat with Adam Shostack (a member of the newly formed Blackhat Advisors) about the possibility of adding some building content to Blackhat. Go Adam!

Do you agree that Blackhat could do with some building content??

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justoceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________