Title: Who are you?! Adventures in Authentication
Workshop to be held at the Twelfth Symposium on Usable Privacy and
Security - SOUPS 2016
When: June 22, 2016
Where: Denver, CO
URL: https://www.usenix.org/conference/soups2016/workshop-who-are-you
Description:
Authentication, or the act of
Hi sc-l,
The latest episode of Silver Bullet features a conversation with David Nathans
from Siemens Healthcare. David got his start in security ops, and even wrote a
book about that. But he completely understands why product security is
essential in the modern world and has been moving
Title: Who are you?! Adventures in Authentication
Workshop to be held at the Twelfth Symposium on Usable Privacy and
Security - SOUPS 2016
When: June 22, 2016
Where: Denver, CO
URL: https://www.usenix.org/conference/soups2016/workshop-who-are-you
Description:
Authentication, or the act of
Title: Who are you?! Adventures in Authentication
Workshop to be held at the Twelfth Symposium on Usable Privacy and
Security - SOUPS 2016
When: June 22, 2016
Where: Denver, CO
URL: https://www.usenix.org/conference/soups2016
Description:
Authentication, or the act of proving that someone
hi sc-l,
Hard to believe, but Silver Bullet has been running for ten years---120 months
of shows in a row without missing a month. To celebrate this accomplishment,
we shot a video for episode 120 out by the Shenandoah river at my house. And
we turned the tables on the interview. Marcus
Title: Who are you?! Adventures in Authentication
Workshop to be held at the Twelfth Symposium on Usable Privacy and
Security - SOUPS 2016
When: June 22, 2016
Where: Denver, CO
URL: https://www.usenix.org/conference/soups2016
Description:
Authentication, or the act of proving that someone
Ruxcon 2016 Call For Presentations
Melbourne, Australia, October 22-23
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For
Presentations for Ruxcon 2016.
This year the conference will take place over the weekend of the 22nd and 23rd
hi sc-l,
It’s leap day and RSA week!
We just posted Silver Bullet episode 119 featuring BSIMM co-author and IEEE CSD
co-founder Jacob West talking about the latest IEEE CSD report. Architecture
analysis lags behind other touchpoints when it comes to software security
practices. The CSD
http://ieee-security.org/TC/SPW2016/MoST/cfp.html
Mobile Security Technologies (MoST) 2016
co-located with
The 34th IEEE Symposium on Security and Privacy (IEEE S&P 2016)
an event of
The IEEE Computer Society's Security and Privacy Workshops (SPW 2016)
The Fairmont Hotel
San Jose, CA, USA
hi sc-l,
For the first Silver Bullet of 2016 I have a chat with Jack Daniel, co-founder
of the Bsides Conferences. We talk about security communities, the evolution
of the field, car repair, complex systems, the waning security Renaissance,
and other matters. We conclude with a quick
http://ieee-security.org/TC/SPW2016/MoST/cfp.html
Mobile Security Technologies (MoST) 2016
co-located with
The 34th IEEE Symposium on Security and Privacy (IEEE S&P 2016)
an event of
The IEEE Computer Society's Security and Privacy Workshops (SPW 2016)
The Fairmont Hotel
San Jose, CA, USA
http://ieee-security.org/TC/SPW2016/MoST/cfp.html
Mobile Security Technologies (MoST) 2016
co-located with
The 34th IEEE Symposium on Security and Privacy (IEEE S&P 2016)
an event of
The IEEE Computer Society's Security and Privacy Workshops (SPW 2016)
The Fairmont Hotel
San Jose, CA, USA
My apologies. Here are the correct dates:
Paper submission deadline: January 29, 2016 (11:59pm US-PST)
Acceptance notification: March 7, 2016
Camera-ready deadline: March 25, 2016
Workshop day: May 26, 2016
http://ieee-security.org/TC/SPW2016/MoST/cfp.html
Mobile Security Technologies (MoST)
hi sc-l,
The current episode of the Silver Bullet Security Podcast features Jamie
Butler, CTO of Endgame. Jamie and I talk rootkits (he wrote the book with Greg
Hoglund), attack patterns, defense and offense. Jamie has a long career in
security (17 years) spanning early days at Fort Meade,
hi sc-l,
Doug Maughan is one of the very good people who somehow works in the federal
government at DHS (I know). He has been funding reasonable science in computer
security since his early DARPA days and even once funded some of our work at
cigital. We talk about science, research, tech
http://ieee-security.org/TC/SPW2016/MoST/cfp.html
Mobile Security Technologies (MoST) 2016
co-located with
The 34th IEEE Symposium on Security and Privacy (IEEE S&P 2016)
an event of
The IEEE Computer Society's Security and Privacy Workshops (SPW 2016)
The Fairmont Hotel
San Jose, CA, USA
hi sc-l,
Cigital just posted Silver Bullet 115 which features an interview with mudge
(a.k.a., Peiter Zatko).
https://www.cigital.com/podcasts/show-115-peiter-mudge-zatko/
We talk l0pht, cult of the dead cow, early security days, testifying before
Congress, why the government is so confused
hi sc-l,
Today Cigital published Release 6 of the Building Security In Maturity Model
(BSIMM). The BSIMM now represents eight years of bringing science to the
software security. We have directly measured over 104 companies across
multiple industries (BSIMM6 covers 78 of them). BSIMM6 also
As the saying goes, a Unix server goes down and you have a bad weekend. A
Mainframe goes down and the earth stops rotating on its axis. To the latter
point, MQ Series and other messaging systems that communicate with Mainframes
and heritage(*) systems get next to no attention from the security
hi sc-l,
You’ve heard these before I’m sure. Working on expanding or improving your
software security initiative? Here are seven of the most common objections we
see all the time (and what to say in response).
Please read this article: http://bit.ly/swsec-myths
Hopefully you will all find
hi sc-l,
Episode 114 of Silver Bullet was just posted. This episode features Peter
“Pete” Clay who has served as a CISO in several firms (Deloitte, Invotas, Qlik)
and has provided security direction both in the Federal government and the
private sector.
Have a listen: http://bit.ly/SB-pete
hi sc-l,
I just posted some thoughts on the FTC and software security.
Have a look: http://bit.ly/gem-FTC
gem
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
On Wed, Sep 16, 2015 at 2:58 PM, Gary McGraw wrote:
> hi sc-l,
>
> I just posted some thoughts on the FTC and software security.
>
> Have a look: http://bit.ly/gem-FTC
+1, well written.
I've kinda ignored the FTC over the years, and focused on the state
laws covering data
hi sc-l,
Yesterday I recorded an episode of Threatpost with Dennis Fisher. We talk
about many current topics, including how to scale software security.
Have a listen and pass it on:
https://threatpost.com/gary-mcgraw-on-scalable-software-security-and-medical-device-security/114640/
Topics
The URL was apparently scrambled below. For the SB episode try:
http://bit.ly/SB-chandu
gem
On 8/31/15, 12:51 PM, "SC-L on behalf of Gary McGraw"
wrote:
>hi sc-l,
>
>The new episode of Silver Bullet features a conversation
Yes, we seem to abandon security mechanisms that (1) we can actually trust, and
(2) that Microsoft and Google refuse to build.
===
Karen Mercedes Goertzel, CISSP, CSSLP
Senior Lead Scientist
Booz Allen Hamilton
703.698.7454
goertzel_ka...@bah.com
"The hardest thing of all is to
find a black cat
Reference monitors were a lovely concept, largely invented for multilevel
security kernels and trusted computing bases, but are almost nonexistent
in that context. Yes, they'd be lovely to have, but even the NSA folks
seem to have abandoned them...
___
As far as I know, Microsoft integrated some reference monitoring into their OS
family under Fred Schneider’s guidance. They called it “inline reference
monitoring” and I believe they still use it.
gem
On 9/8/15, 8:49 AM, "SC-L on behalf of Goertzel, Karen [USA]"
It's been there since Windows NT 4.0, and is used with mandatory integrity
labels to enforce a mandatory integrity policy so that subjects with a lower
integrity label cannot access (and, most importantly, cannot modify) objects
with higher integrity labels.
It also exists separate from the
On Tue, Sep 8, 2015 at 7:44 PM, Gary McGraw wrote:
> As far as I know, Microsoft integrated some reference monitoring into their
> OS family under Fred Schneider’s guidance. They called it “inline reference
> monitoring” and I believe they still use it.
A related work by
Does anyone else remember "reference monitors"?
What an old-fashioned idea. But they'd certainly solve a lot of problems.
===
Karen Mercedes Goertzel, CISSP, CSSLP
Senior Lead Scientist
Booz Allen Hamilton
703.698.7454
goertzel_ka...@bah.com
"The hardest thing of all is to
find a black cat in a
hi sc-l,
The new episode of Silver Bullet features a conversation with Chandu Ketkar.
Chandu has 20+ years of experience in software, starting as a developer and
working his way to a secure design proponent. Have a listen:
On Thu, Aug 20, 2015 at 8:20 PM, Johan Peeters y...@johanpeeters.com wrote:
nice one, Gary. Finally something positive about agile and DevOps. A
trick that you may have missed is immutable servers, see Docker and
friends. They will be a leap forward for server security when they hit
the
nice one, Gary. Finally something positive about agile and DevOps. A
trick that you may have missed is immutable servers, see Docker and
friends. They will be a leap forward for server security when they hit
the mainstream.
hi sc-l,
What is the relationship between dynamic languages and dynamic methodologies?
What is the impact on software security?
This article provides a gentle introduction: http://bit.ly/gem-dynamic
Feedback welcome. Pass it on.
gem
company www.cigital.com
podcast
hi sc-l,
For the latest episode of Silver Bullet, we spoke to two of the fifteen
co-authors of the Keys Under Doormats paper describing the technical peril of
implementing crypto back doors as FBI Director Comey has suggested. Steve
Bellovin comes at the problem with years of experience and
In case anyone needs a summer project, I wonder what percentage of issues
discussed in the 111 shows are still issues today?
-gunnar
On Jul 7, 2015, at 11:45 AM, Kevin W. Wall kevin.w.w...@gmail.com wrote:
Ah, I see...so the dirty trick is that you are finally doing reruns.
Syndication
Ah, I see...so the dirty trick is that you are finally doing reruns.
Syndication can't be far behind. ;-)
-kevin
Sent from my Droid; please excuse typos.
On Jul 7, 2015 12:07 PM, Gary McGraw g...@cigital.com wrote:
hi sc-l,
Silver Bullet episode 111 is a sneaky one based around a “dirty
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For
Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and
hi sc-l,
Silver Bullet episode 111 is a sneaky one based around a “dirty brilliant
trick. The episode features Marcus Ranum, inventor of the proxy firewall and
all around security guru. We talk about perimeter security, software security,
security progress (or lack of such) and whether
hi sc-l,
Silver Bullet episode 110 features Paul Dorey. Paul was one of the original
CSOs of Europe, ultimately serving as the CSO of BP. He and I are on an
Advisory Board together, and most recently, Paul and I did a “fernside chat” at
the BSIMM Europe Conference. We talk about the CSO
hi sc-l,
Lots of us have RSA Conference goo leaking out of our ears by now. Yerg.
Here’s a quick antidote from a serious cryptographer. Bart Preneel is a
professor at KL Leuven University (founded in 1425). He is an exceptional
cryptographer and a huge supporter of software security in
Ruxcon 2015 Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For
Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th
hi sc-l,
During the last BSIMM Conference in Monterey, CA, Caroline Wong ran a
workshop/session during which all 23 firms present shared their BSIMM
structures with each other. The event was organized as a poster session. It was
a great event. Caroline and I took the data, crunched it,
hi sc-l,
Just in time for my Spring Break college tour with Eli, here is Silver Bullet
episode 108, an interview with HackerOne’s Katie Moussouris.
Katie and I talk about bug bounties, early coding (sadly she was a C64 person
instead of an Apple ][+ person), SDL, BlueHat, mentors, and more.
Submission deadline has been extended to this Friday, February 27.
http://ieee-security.org/TC/SPW2015/MoST/cfp.html
MOBILE SECURITY TECHNOLOGIES (MOST) 2015
Thursday, May 21, 2015
The Fairmont Hotel, San Jose, CA
Mobile Security Technologies (MoST) brings together researchers,
practitioners,
Submission deadline is this Sunday.
http://ieee-security.org/TC/SPW2015/MoST/cfp.html
MOBILE SECURITY TECHNOLOGIES (MOST) 2015
Thursday, May 21, 2015
The Fairmont Hotel, San Jose, CA
Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and
hi sc-l,
I wrote my latest SearchSecurity article based on conversations I have been
having with a number of CSOs and security execs. It’s about what happens when
risk management goes bad. The biggest failure condition seems to be “ignoring
the lows” entirely.
Anyway, have a read and pass
Gary,
On Sat, Feb 21, 2015 at 6:13 AM, Gary McGraw g...@cigital.com wrote:
I wrote my latest SearchSecurity article based on conversations I have been
having with a number of CSOs and
security execs. It’s about what happens when risk management goes bad. The
biggest failure condition
hi christian,
Good point.
A combined risk score based on “SIL” levels is what I was using in my
article. The combination risk score takes into account both technology
risk and business risk. Using one component or the other alone is folly.
gem
On 2/24/15, 4:13 AM, Christian Heinrich
hi sc-l,
An entire gaggle of devs and architects interviews me about software security.
have a listen. Pass it on
http://thewebplatform.libsyn.com/28-securing-your-web-applications
gem
company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book
hi sc-l,
What’s better than the Superbowl? Silver Bullet of course! Hah. Have a
listen to episode 106 featuring Steve Katz, widely revered as the world’s first
CISO. Steve has served as CISO of citibank/citigroup, JP Morgan, Merrill Lynch,
and Kaiser Permanente. (We serve on one Advisory
http://ieee-security.org/TC/SPW2015/W2SP/cfp.html
Dear Colleagues,
Please consider to submit and/or forward to the appropriate
groups/personnel the opportunity to submit to the Web 2.0 Security and
Privacy Workshop (W2SP) which is held as part of the IEEE Computer Society
Security and
http://ieee-security.org/TC/SPW2015/MoST/cfp.html
MOBILE SECURITY TECHNOLOGIES (MOST) 2015
Thursday, May 21, 2015
The Fairmont Hotel, San Jose, CA
Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software developers of
mobile
hi sc-l,
Merry New Year to you all!!
Episode 105 of Silver Bullet is an interview with Whitfield Diffie. Whit
co-invented PKI among other things. We have an in depth talk about crypto,
computation, LISP, AI, quantum key distro, and more
http://bit.ly/SB-diffie
As always, your feedback on
http://ieee-security.org/TC/SPW2015/MoST/
MOBILE SECURITY TECHNOLOGIES (MOST) 2015
Thursday, May 21, 2015
The Fairmont Hotel, San Jose, CA
Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software developers of
mobile systems to
hi sc-l,
Silver Bullet episode 103 features Brian Krebs, whose website
http://krebsonsecurity.com is among the leading security reporting sites on
the planet. Brian was once a reporter for the Washington Post, but he went
solo after being let go (too deep for the dinosaur). Krebs broke a number
hi sc-l,
The 102nd monthly episode of the Silver Bullet podcast features a conversation
with Richard Danzig. Richard is a very accomplished leader who served as
Secretary of the Navy (among other powerful positions). He is currently a
member of the Board of the Center for a New American
hi sc-l,
This evening in SF we are officially launching the IEEE Center for Secure Design
with a small event including security people and press. Jim DelGrosso and I
will make a short presentation about the CSD during the launch.
I devoted both of my monthly pieces (Silver Bullet and
Ruxcon 2014 Call For Presentations
Melbourne, Australia, October 11th-12th
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the Final Call For Presentations for
Ruxcon 2014.
This year the conference will take place over the weekend of the 11th and 12th
of
Agree with you - there's nothing new in the article. I gave a talk a
couple years ago at a conference on biomedical engineering, and there was
one person in the room (out of a few hundred) who had heard of Therac-25.
(Which I assume is what you were referring to with 1985.)
If the article were
Another big frustration: No-one seems to be making any real headway into the
problem of actually measuring loss attributable to doing nothing - or, in other
words, losses cradle to grave from operating insufficiently secure systems.
People try to measure ROI from security, which is a ridiculous
hi sc-l,
Chandu Ketkar and I wrote an article about medical device security based on a
talk Chandu gave at Kevin Fu’s Archimedes conference in Ann Arbor. In the
article, we discuss six categories of security defects that Cigital discovers
again and again when analyzing medical devices for our
hi sc-l,
Silver Bullet Security Podcast number 99 (99 months in a row!!) was just
posted. This episode features a programming languages smorgasbord with Michael
Hicks, professor of CS and security at University of Maryland. We talk type
safety, closure, why C is bad, what makes dynamic
hi sc-l,
Bart Miller, computer science professor from Wisconsin, coined the term fuzz
testing in 1990. He also is the PI for the DHS SWAMP---a software assurance
marketplace of sorts. Bart knows a ton about software analysis.
In episode 98 of Silver Bullet, we geek out about software
Breakpoint 2014 Call For Papers
Melbourne, Australia, October 8th-9th
Intercontinental Rialto
http://www.ruxconbreakpoint.com
.[x]. Introduction .[x].
The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2014.
Breakpoint showcases the work of expert security researchers from
hi sc-l,
Heartbleed? Who cares? We do. Real lessons here http://bit.ly/1lBKDsE
Silver Bullet 97. Programming languages actually matter.
http://www.cigital.com/silver-bullet/show-097/
Read. Listen. Share. React.
We want your feedback.
gem
Ruxcon 2014 Call For Presentations
Melbourne, Australia, October 11th-12th
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon
2014.
This year the conference will take place over the weekend of the 11th and 12th
of October at the CQ Function
http://mostconf.org/2014/cfp.html
Mobile Security Technologies (MoST) 2014
Saturday May 17, 2014
co-located with
The 34th IEEE Symposium on Security and Privacy (IEEE SP 2014)
an event of
The IEEE Computer Society's Security and Privacy Workshops (SPW 2014)
Mobile Security Technologies
http://w2spconf.com/2014/
WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS
IMPORTANT DATES
Workshop date: Sunday, May 18, 2014
W2SP brings together researchers, practitioners, web programmers, policy
makers, and others interested in the latest understanding and advances in
the
Ruxcon 2014 Call For Presentations
Melbourne, Australia, October 11th-12th
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon
2014.
This year the conference will take place over the weekend of the 11th and 12th
of October at the CQ Function
http://w2spconf.com/2014/
WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS
IMPORTANT DATES
Workshop date: Sunday, May 18, 2014
W2SP brings together researchers, practitioners, web programmers, policy
makers, and others interested in the latest understanding and advances in
the
The one point that's missing from the article is to remind people: What the
heck do you think firewalls are made of? Software! So unless a software
manufacturer has got software security religion, their product is just as
likely to be broken inside as the things it allegedly protects.
===
hi karen,
Good point, and one that I usually make! I agree.
gem
On 4/1/14, 9:16 AM, Goertzel, Karen [USA] goertzel_ka...@bah.com wrote:
The one point that's missing from the article is to remind people: What
the heck do you think firewalls are made of? Software! So unless a
software
hi sc-l,
Nate Fick is an interesting man. He has a classics degree from Dartmouth,
where he is now a Trustee. He served combat tours in Afghanistan and Iraq,
resulting in the book “One Bullet Away” and the HBO series “Generation Kill.”
He served as the CEO of an important new think tank,
hi sc-l,
Ever get discouraged that we have not been making enough progress in software
security? Well, we have been making plenty of progress and our field is
growing fast! This peppy little article (co-authored with Sammy Migues)
explains why firewalls, fairy dust, and forensics are not
hi sc-l,
I was asked to write an article for IEEE Computer’s security column this month.
It’s about software security.
Security Fatigue? Shift Your Paradigm
http://www.cigital.com/presentations/mco2014030081.pdf (IEEE
Computer Society, March 2014)
As always, your feedback is welcome. You
hi sc-l,
Tonight at 6pm EST I will be participating in a paul dot com webcast and
talking all things software security. Please tune in if you can, and spread
the word!
http://securityweekly.com/watch
gem
company www.cigital.com
podcast www.cigital.com/silverbullet
blog
http://mostconf.org/2014/cfp.html
Mobile Security Technologies (MoST) 2014
co-located with
The 34th IEEE Symposium on Security and Privacy (IEEE SP 2014)
an event of
The IEEE Computer Society's Security and Privacy Workshops (SPW 2014)
Mobile Security Technologies (MoST) brings together
WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS
IMPORTANT DATES
Paper submission deadline: March 5, 2014 (11:59pm US-PST)
Workshop acceptance notification date: March 29, 2014
Workshop date: Sunday, May 18, 2014
Workshop paper submission web site:
hi sc-l,
Greetings from RSA, where the show gets underway today. I hope to see some
sc-l readers out here. (Come see us during the show
https://www.cigital.com/blog/2014/01/rsa-2014/.)
Episode 95 of silver bullet features a conversation with Charlie Miller, who now
works at Twitter as a
WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS
IMPORTANT DATES
Paper submission deadline: February 26, 2014 (11:59pm US-PST)
Workshop acceptance notification date: March 29, 2014
Workshop date: Sunday, May 18, 2014
Workshop paper submission web site:
http://mostconf.org/2014/cfp.html
Mobile Security Technologies (MoST) 2014
co-located with
The 34th IEEE Symposium on Security and Privacy (IEEE SP 2014)
an event of
The IEEE Computer Society's Security and Privacy Workshops (SPW 2014)
Mobile Security Technologies (MoST) brings together
Hello dear secure coding fellows,
fyi: we just opened the Call for Papers for the upcoming OWASP AppSec
Europe in Cambridge in June 2014.
Closing deadline: March 21st
Please be invited to submit your papers, presentations, research papers
and training proposals.
2 weeks until the submission deadline
WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS
IMPORTANT DATES
Paper submission deadline: February 26, 2014 (11:59pm US-PST)
Workshop acceptance notification date: March 29, 2014
Workshop date: Sunday, May 18, 2014
Workshop paper submission web
In this episode Karl Sigler sits down with Grayson Lenik, a forensic expert
for Trustwave SpiderLabs. We talk about Point-of-Sale malware, including common
web application security attack vectors as well as remediation steps to help
protect businesses using POS systems.
Dear Colleagues,
Please consider submitting papers to IWCC (International Workshop on Cyber
Crime) 2014 which is part of the IEEE CS Security & Privacy Workshops
(SPW 2014), an event of the IEEE CS Technical Committee on Security and Privacy
and like last year will be co-located with IEEE
http://mostconf.org/2014/cfp.html
Mobile Security Technologies (MoST) 2014
co-located with
The 34th IEEE Symposium on Security and Privacy (IEEE SP 2014)
an event of
The IEEE Computer Society's Security and Privacy Workshops (SPW 2014)
Mobile Security Technologies (MoST) brings together
WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS
IMPORTANT DATES
Paper submission deadline: February 26, 2014 (11:59pm US-PST)
Workshop acceptance notification date: March 29, 2014
Workshop date: Sunday, May 18, 2014
Workshop paper submission web site:
hi sc-l,
Episode 94 (in a row) of Silver Bullet features a conversation with Ming Chow,
a developer who got interested in security and accidentally became a software
security guy teaching at Tufts. We talk about that. We talk about exploiting
online games (and using that as a teaching
hi sc-l,
The latest monthly SearchSecurity article was co-authored with Jim Routh, CSO of
Aetna. What Jim is doing for his fifth (!!) software security initiative is
very interesting. So interesting that we decided to write about it.
In particular pay attention to Jim's use of a light weight
http://mostconf.org/2014/cfp.html
Mobile Security Technologies (MoST) 2014
co-located with
The 34th IEEE Symposium on Security and Privacy (IEEE SP 2014)
an event of
The IEEE Computer Society's Security and Privacy Workshops (SPW 2014)
Mobile Security Technologies (MoST) brings together
WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS
IMPORTANT DATES
Paper submission deadline: February 26, 2014 (11:59pm US-PST)
Workshop acceptance notification date: March 29, 2014
Workshop date: Sunday, May 18, 2014
Workshop paper submission web site:
For anyone interested in this topic and working in appsec and/or dev, there’s a
survey by the trusted software alliance which touches on some of these
questions here: https://www.surveymonkey.com/s/Developers_and_AppSec
On Jan 7, 2014, at 8:07 PM, Christian Heinrich
Stephen,
On Sat, Jan 4, 2014 at 8:12 PM, Stephen de Vries
step...@continuumsecurity.net wrote:
Leaving the definition of agile aside for the moment, doesn’t the fact that
the BSIMM measures
organisation wide activities but not individual dev teams mean that we could
be drawing inaccurate
Hi Sammy, Antti,
On 20 Dec 2013, at 17:29, Sammy Migues smig...@cigital.com wrote:
Also, in nearly all cases, it would be very hard to characterize an entire
firm or even an entire business unit in larger firms as Agile or not. Many
larger firms use Agile for only a small percentage of
Dear Colleagues,
Please consider submitting papers to IWCC 2014 (International Workshop on Cyber
Crime) which is part of the IEEE CS Security & Privacy Workshops (SPW 2014),
an event of the IEEE CS Technical Committee on Security and Privacy and like
last year will be co-located with IEEE SP
hi sc-l,
Following on the heels of our SearchSecurity article on Architectural Risk
Analysis (probably the most difficult touchpoint in software security), Jim
DelGrosso and I write about how to scale ARA.
http://bit.ly/19Jmk7f (or
hi sc-l,
When it rains, it pours. Just in time for xmas eve, here is Silver Bullet
episode 93. The podcast features a discussion with Yoshi Kohno (a cigital
alum) who is now a computer science professor at University of Washington.
You've probably heard of Yoshi's car hacking stuff (or