On Mar 18, 2010, at 02:17, ljknews wrote:
Scripting languages should not be used for security-sensitive
programs.
And your evidence for this statement is?
Stephan
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information,
On Aug 25, 2009, at 02:35, Benjamin Tomhave wrote:
First, security in the software development concept is at least an
intermediate concept, if not advanced.
Not at all. That would be like saying that correctness is also an
advanced concept, because it gets in the way of coding. Security is
On Aug 25, 2009, at 17:35, Benjamin Tomhave wrote:
You don't teach proofs - not really. The elementary and junior high
curriculum generally does not contain anything about proofs
I was talking about college students because that's when I was
properly taught programming. That may no longer
On Aug 25, 2009, at 18:07, Andy Steingruebl wrote:
Sarcasmreally? First graders are learning to do math proofs instead
of basic addition? I'm quite surprised by this./Sarcasm
Yeah, sorry. When I wrote about students I meant college
students. I don't know, is that a difference between
--
Call for Papers
MetriSec 2009
5th International Workshop on SECURITY MEASUREMENTS AND METRICS
(Formerly the Workshop on Quality of Protection - QoP)
On Mar 18, 2009, at 23:14, Steven M. Christey wrote:
I believe this is reflected in public CVE data. Take a look at the
bugs
that are being reported for, say, Microsoft or major Linux vendors
or most
any product with a long history, and their current number 1's are
not the
same as
Hi Gary,
On Mar 19, 2009, at 16:27, Gary McGraw wrote:
Hi Stephan,
In my view, it would be even better to study the difference in
external bug emphasis (as driven by full disclosure and the CVE) and
internal bug emphasis (as driven by an organization's own top N list).
That is a