mikeiscool wrote:
On 7/17/06, Crispin Cowan [EMAIL PROTECTED] wrote:
Goertzel Karen wrote:
I've been struggling for a while to synthesise a definition of secure
software that is short and sweet, yet accurate and comprehensive.
My favorite is by Ivan Arce, CTO of Core Software, coming out
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Aronson
If you really want to compress that to bumper-sticker size, how about
Secure Software: Does what it's meant to. Period.
This encompasses both can't be forced NOT to do what it's
meant to do,
and can't be
On 7/17/06, Crispin Cowan [EMAIL PROTECTED] wrote:
mikeiscool wrote:
On 7/17/06, Crispin Cowan [EMAIL PROTECTED] wrote:
Goertzel Karen wrote:
I've been struggling for a while to synthesise a definition of secure
software that is short and sweet, yet accurate and comprehensive.
My
mikeiscool wrote:
On 7/17/06, Crispin Cowan [EMAIL PROTECTED] wrote:
"supposed to" goes to intent.
I don't know. I think there is a difference between "this does what
it's supposed to do" and "this has no design faults". That's all I was
trying to highlight.
The difference between supposed to,
Hi all,
The silver bullet episode featuring Marcus Ranum went live recently:
http://www.cigital.com/silverbullet/
In the interview, we discuss software security progress briefly.
BTW, I did an interview with the mysterious Dana Epp (silverstr) last
week that is in the production pipeline.
mikeiscool [mailto:[EMAIL PROTECTED] writes:
The point remains though: trimming this down into a friendly little
phrase is, IMCO, useless.
One of the common problems in trying to persuade the masses of ANYTHING, be it
the importance of secure software, the factual or moral correctness of
Gary McGraw [mailto:[EMAIL PROTECTED] wrote:
I wrote a book with Viega a few years ago called building secure
software...
Yes, John gave us all copies. Didn't bother to get it autographed though. :-)
it was not about that company (at all).
It certainly was not about the horribly broken
On Mon, 17 Jul 2006, Peter G. Neumann wrote:
Forget the bumper sticker approach.
Hey Peter. :)
Well, one should forget the bumper-sticker approach if all us boring dry
guys keep trying to explain to people how math works.
Instead, telling them:
1+1=?
Didn't learn math, eh?
Is bumper-sticker
Gary, If you think security is a funny topic, try this one:
http://haha.nu/funny/funny-math/
___
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter
I prefer to define the opposite:
Insecure Software is like a joke,
Except others laugh at you
I like it because:
-it captures the notion that vulnerabilities, just like jokes, are very
often made apparent by thinking in a different context from the software's
designers (the straight man).
-It
Crispin Cowan wrote:
mikeiscool wrote:
On 7/17/06, Crispin Cowan [EMAIL PROTECTED] wrote:
"supposed to" goes to intent.
I don't know. I think there is a difference between "this does what
it's supposed to do" and "this has no design faults". That's all I was
trying to highlight.
The difference
On Mon, Jul 17, 2006 at 05:48:59PM -0400, [EMAIL PROTECTED]
wrote:
I was recently looking at some code to do regular expression
matching, when it occurred to me that one can produce fairly small
regular expressions that require huge amounts of space and time.
There's nothing in the slightest