McGovern, James F (HTSC, IT) [mailto:[EMAIL PROTECTED] writes:
the value of tools in this space are not really targeted at developers
but should be targeted at executives who care about overall quality and
security folks who care about risk. While developers are the ones to
remediate,
Robin Sheat [mailto:[EMAIL PROTECTED] wonders:
What I did was take the user's password to create a key
What happens when the user changes his password? I didn't quite follow it all,
but it looks to me like that means that all of a user's data has to be
decrypted and re-encrypted. You
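An added example (not code from the thread) of the key-wrapping pattern that avoids the re-encryption problem asked about above: the password only derives a key-encryption key, which wraps a random data-encryption key, so a password change re-wraps one small record and leaves the bulk ciphertext untouched. The field names, the 100k-iteration PBKDF2 parameters and the inline PBKDF2 are assumptions of this example.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// Wrapped is the only password-dependent record; bulk data encrypted under the DEK never changes.
type Wrapped struct{ Salt, Nonce, DEK []byte }
// kekAEAD derives a 32-byte key-encryption key (PBKDF2-HMAC-SHA256, one output block, 100k iterations assumed, written inline on the stdlib) and returns AES-256-GCM under it.
func kekAEAD(password string, salt []byte) cipher.AEAD {
	prf := hmac.New(sha256.New, []byte(password))
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // PBKDF2 block index 1
	u := prf.Sum(nil)
	key := append([]byte(nil), u...)
	for i := 1; i < 100_000; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range key {
			key[j] ^= u[j]
		}
	}
	block, _ := aes.NewCipher(key) // 32-byte key: neither constructor can fail
	g, _ := cipher.NewGCM(block)
	return g
}
// Wrap seals the DEK under a fresh random salt and nonce.
func Wrap(password string, dek []byte) Wrapped {
	w := Wrapped{Salt: make([]byte, 16), Nonce: make([]byte, 12)}
	rand.Read(w.Salt)
	rand.Read(w.Nonce)
	w.DEK = kekAEAD(password, w.Salt).Seal(nil, w.Nonce, dek, nil)
	return w
}
// Unwrap recovers the DEK; a wrong password fails GCM authentication.
func Unwrap(password string, w Wrapped) ([]byte, error) {
	return kekAEAD(password, w.Salt).Open(nil, w.Nonce, w.DEK, nil)
}
// ChangePassword re-wraps only the DEK: no user data is decrypted or re-encrypted.
func ChangePassword(oldPw, newPw string, w Wrapped) (Wrapped, error) {
	dek, err := Unwrap(oldPw, w)
	if err != nil {
		return Wrapped{}, err
	}
	return Wrap(newPw, dek), nil
}
```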
McGovern, James F (HTSC, IT) [mailto:[EMAIL PROTECTED] writes:
I just conducted a super-official study of what my peers are reading by
walking a total of five aisles within a very large building. Here is a
list of magazines on folks' desks:
- Infoworld
- Java Developers Journal
-
[EMAIL PROTECTED] writes:
certifications such as CISSP whereby the exams that
prove you are a security professional talk all about
physical security and network security but really don't
address software development in any meaningful way.
Perhaps what is needed is a separate certification.
Tim Hollebeek [mailto:[EMAIL PROTECTED] wonders:
are shops that insist on warning-free compiles really that rare?
Yes. I've worked for or with many companies over the years, totalling probably
somewhere in the mid-teens or so. In all that, there was, to the best of my
recollection, only
Gary McGraw [mailto:[EMAIL PROTECTED] writes:
The main thing I wonder is, what do you think? When you have a hot
demonstration of an exploit, how do you responsibly release it?
This isn't so much about that, in the usual sense. This was, as you say, a
well-known vulnerability, one screamingly
Paolo Perego [mailto:[EMAIL PROTECTED] writes:
Software is like the Titanic, people claim it was unsinkable. Securing is
providing it power steering
But power steering wouldn't have saved it. By the time the iceberg was
spotted, there was not enough time to turn that large a boat. Perhaps
mikeiscool [mailto:[EMAIL PROTECTED] writes:
The point remains though: trimming this down into a friendly little
phrase is, IMCO, useless.
One of the common problems in trying to persuade the masses of ANYTHING, be it
the importance of secure software, the factual or moral correctness of
Gary McGraw [mailto:[EMAIL PROTECTED] wrote:
I wrote a book with viega a few years ago called building secure
software...
Yes, John gave us all copies. Didn't bother to get it autographed though. :-)
it was not about that company (at all).
It certainly was not about the horribly broken