hi sc-l, Whenever a computer security disaster story breaks (pretty much the only kind of coverage cyber security can expect in the major press) we have an opportunity (while people are paying attention) to talk about how to avoid future disasters. If we're lucky, we can leverage "the NASCAR effect" <http://www.darkreading.com/security/application-security/208803559/if-you-build-it-they-ll-crash-it.html> to discuss software security.
In my view, the only way we can get in front of modern malware is by building security in. I wrote about that for SearchSecurity in May: Eliminating badware addresses malware problem <http://searchsecurity.techtarget.com/opinion/Gary-McGraw-Eliminating-badware-addresses-malware-problem> (May 2012). Some of the Flame dustup in the press this week riffed on that idea and even mentioned the BSIMM (in the WSJ CIO Journal): http://blogs.wsj.com/cio/2012/05/29/cios-should-see-flame-as-a-call-to-arms/?KEYWORDS=hickins Also check out a related radio segment from Marketplace (aired on NPR): http://www.marketplace.org/topics/tech/flame-malware-burns-through-cyberspace It actually works to use the NASCAR effect to get our message out! gem company www.cigital.com podcast www.cigital.com/silverbullet blog www.cigital.com/justiceleague book www.swsec.com _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
