hi karen,

Good point, and one that I usually make! I agree.

gem

On 4/1/14, 9:16 AM, "Goertzel, Karen [USA]" <goertzel_ka...@bah.com> wrote:

>The one point that's missing from the article is to remind people: What
>the heck do you think firewalls are made of? Software! So unless a
>software manufacturer has got "software security religion", their product
>is just as likely to be "broken" inside as the things it allegedly
>protects.
>
>===
>Karen Mercedes Goertzel, CISSP
>Lead Associate
>Booz Allen Hamilton
>703.698.7454
>goertzel_ka...@bah.com
>
>"I love humans. Always seeing patterns in things that aren't there."
>- The Doctor
>
>________________________________________
>From: SC-L [sc-l-boun...@securecoding.org] on behalf of Gary McGraw
>[g...@cigital.com]
>Sent: 31 March 2014 18:40
>To: Secure Code Mailing List
>Subject: [External] [SC-L] Firewalls, Fairy Dust, and Forensics
>
>hi sc-l,
>
>Ever get discouraged that we have not been making enough progress in
>software security? Well, we have been making plenty of progress and our
>field is growing fast! This peppy little article (co-authored with
>Sammy Migues) explains why firewalls, fairy dust, and forensics are not
>working out for computer security.
>
>Oh, and software security is growing at 20% CAGR and now accounts for 10%
>of the computer security market (which is itself growing at 8.9%). We
>are in the right field, and this mailing list is a major help.
>
>Please read this:
>http://searchsecurity.techtarget.com/opinion/McGraw-Firewalls-fairy-dust-and-forensics-Try-software-security
>Then have your SSG members read it.
>You do have an SSG, right?
>
>Feel free to post links to twitter, facebook, linkedin, and send it
>around (by pointer). I would really appreciate that.
>
>Thanks!
>
>gem
>
>company www.cigital.com
>podcast www.cigital.com/silverbullet
>blog www.cigital.com/justiceleague
>book www.swsec.com
>
>_______________________________________________
>Secure Coding mailing list (SC-L) SC-L@securecoding.org
>List information, subscriptions, etc -
>http://krvw.com/mailman/listinfo/sc-l
>List charter available at - http://www.securecoding.org/list/charter.php
>SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
>as a free, non-commercial service to the software security community.
>Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
>_______________________________________________