On 11 May 2012 20:07, Gary McGraw <g...@cigital.com> wrote: > The article does not suggest otherwise.
Well, it certainly does _suggest_ it: "All of the things that we do to improve software security are aimed explicitly at the badware problem." It doesn't say it, though, I agree. > > gem > > On 5/11/12 1:51 PM, "Ben Laurie" <b...@google.com> wrote: > >>On 8 May 2012 07:18, Gary McGraw <g...@cigital.com> wrote: >>> hi sc-l, >>> >>> What¹s worse, bad software or malicious software? In fact, what¹s the >>>difference? >>> >>> My second column for SearchSecurity is all about that. Read it today. >>>And pass it on. >>> >>>http://searchsecurity.techtarget.com/opinion/Gary-McGraw-Eliminating-badw >>>are-addresses-malware-problem >>> >>> Bottom line: Talking about malware may be more fun and entertaining >>>than talking about endless security bugs, but if we¹re going to combat >>>malware we have to start with the badware vector. >> >>Fixing badware universally would plug one hole - and it's certainly a >>hole worth plugging. But it won't eliminate malware - it seems it is >>not hard to persuade users to install it for you, for example. >> >>> >>> gem >>> >>> company www.cigital.com >>> podcast www.cigital.com/silverbullet >>> blog www.cigital.com/justiceleague >>> book www.swsec.com >>> >>> _______________________________________________ >>> Secure Coding mailing list (SC-L) SC-L@securecoding.org >>> List information, subscriptions, etc - >>>http://krvw.com/mailman/listinfo/sc-l >>> List charter available at - http://www.securecoding.org/list/charter.php >>> SC-L is hosted and moderated by KRvW Associates, LLC >>>(http://www.KRvW.com) >>> as a free, non-commercial service to the software security community. >>> Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates >>> _______________________________________________ > _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
