RE: [SC-L] ACM Queue article and security education

2004-07-02 Thread Peter Amey
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Blue Boar Sent: 01 July 2004 21:03 To: ljknews Cc: [EMAIL PROTECTED] Subject: Re: [SC-L] ACM Queue article and security education ljknews wrote: I think it will be properly considered when the

RE: [SC-L] ACM Queue article and security education

2004-07-02 Thread Peter Amey
-----Original Message----- From: Blue Boar [mailto:[EMAIL PROTECTED]] Sent: 01 July 2004 17:11 To: Peter Amey Cc: [EMAIL PROTECTED] Subject: Re: [SC-L] ACM Queue article and security education Peter Amey wrote: There are languages which are more suitable for the construction of

Re: [SC-L] ACM Queue article and security education

2004-07-02 Thread ljknews
At 1:02 PM -0700 7/1/04, Blue Boar wrote: ljknews wrote: I think it will be properly considered when the most strict portion of the software world is using language X. I have used many programs where the flaws in the program make it clear that I care not one whit about whether the authors of

[SC-L] Education and security -- another perspective (was ACM Queue - Content)

2004-07-02 Thread Wall, Kevin
Kenneth R. van Wyk wrote... FYI, there's an ACM Queue issue out that focuses on security -- see http://acmqueue.com/modules.php?name=Contentpa=list_pages_issuesissue_id=14 Two articles there that should be of interest to SC-L readers include Marcus Ranum's Security: The root of the problem

Re: [SC-L] ACM Queue article and security education

2004-07-02 Thread Blue Boar
Peter Amey wrote: I'm not entirely sure I follow this. I _think_ you are saying: since we can't be sure that X is perfect (because it might have 5 remaining flaws) then there is no point in adopting it. You seem to be saying that it doesn't matter if X is _demonstrably_much_better_ than Y, if it

[SC-L] Best practices training

2004-07-02 Thread Gary McGraw
Hi all, Some of you may be interested in a Tutorial on software security best practices that I will be giving at Usenix security this year. More information can be found here: http://www.usenix.org/events/sec04/training/ See you in San Diego in August. gem

[SC-L] Risk Analysis: Building Security In #3

2004-07-02 Thread Gary McGraw
Hi all, The third article in my IEEE Security & Privacy magazine series called Building Security In is on Risk Analysis in Software Design. This article was co-authored by Denis Verdon of Fidelity National. As a service to the community, we're making advance copies available here: