[SC-L] informIT: software security zombies

2011-07-21 Thread Gary McGraw
hi sc-l, Some of us have been doing this software security thing for a long time (about 15 years in my case), and it is easy to overlook basic ideas that we believe everybody already gets. During Cigital's internal technology fair this year, I did a presentation on these basic truths which I

Re: [SC-L] informIT: software security zombies

2011-07-21 Thread Wall, Kevin
Gary McGraw wrote: This month's informIT article covers the zombies: [snip] * Software security defects come in two main flavors: bugs at the implementation level (code) and flaws at the architectural level (design) So, two questions: 1) How is this (software *security* defects) different than

Re: [SC-L] informIT: software security zombies

2011-07-21 Thread Gary McGraw
hi kevin, I completely agree that bugs and flaws exist as two categories (with a slippery slope between them) outside of security. It is important that we focus on both kinds of defect since the narrative in software security has mostly been about the bug parade. (See Getting Past the Bug Parade