Re: [SC-L] How do we improve s/w developer awareness?

2004-11-12 Thread M Taylor
On Thu, Nov 11, 2004 at 04:56:20PM -0500, ljknews wrote: At 2:48 PM -0500 11/11/04, Paco Hope wrote: On 11/11/04 11:46 AM, ljknews [EMAIL PROTECTED] wrote: As a software developer, I care about such issues, but the compiliations you list are largely not applicable to the operating system

Re: [SC-L] How do we improve s/w developer awareness?

2004-11-12 Thread Gunnar Peterson
Concur that security is more colorless than most of the other ilities. My point is that the other domains which serve up the non-functional requirements are colorless to some degree as well. So in terms of how the other ility domains approach the quantification and elaboration of the goals that

Re: [SC-L] How do we improve s/w developer awareness?

2004-11-12 Thread Dana Epp
I think we have to go one step further. Its nice to know what the attack patterns are. A better thing to do is to know how to identify them during threat modeling, and then apply safeguards to mitigate the risk. ie: We need a merge of thoughts from Exploiting Software and Building Secure