[SC-L] Mobile phone OS security changing?

2005-04-06 Thread Kenneth R. van Wyk
Greetings, I noticed an interesting article about a mobile phone virus affecting Symbian-based phones out on Slashdot today. It's an interesting read: http://it.slashdot.org/it/05/04/06/0049209.shtml?tid=220tid=100tid=193tid=137 What particularly caught my attention was the sentence, Will

[SC-L] Application Insecurity --- Who is at Fault?

2005-04-06 Thread Kenneth R. van Wyk
Greetings++, Another interesting article this morning, this time from eSecurityPlanet. (Full disclosure: I'm one of their columnists.) The article, by Melissa Bleasdale and available at http://www.esecurityplanet.com/trends/article.php/3495431, is on the general state of application

Re: [SC-L] Application Insecurity --- Who is at Fault?

2005-04-06 Thread Michael Silk
Quoting from the article: ''You can't really blame the developers,'' I couldn't disagree more with that ... It's completely the developers' fault (and managers). 'Security' isn't something that should be thought of as an 'extra' or an 'added bonus' in an application. Typically it's just about

[SC-L] SOS: Service Oriented Security

2005-04-06 Thread Gunnar Peterson
I have blogged at a high level about some work I am doing on security aspects in SOA and Web Services. Service Oriented Security (SOS) architecture defines a set of architectural views, their key constituents, constraints, and relationships. As the SOA space continues to evolve our software

RE: [SC-L] Application Insecurity --- Who is at Fault?

2005-04-06 Thread Goertzel Karen
I think it's a matter of SHARED responsibility. Yes, the programmers and their managers are directly responsible. But it's consumers who create demand, and consumers who, out of ignorance, continue to fail to make the connection between bad software security and the viruses, privacy, and other

Re: [SC-L] Application Insecurity --- Who is at Fault?

2005-04-06 Thread Dave Paris
And I couldn't disagree more with your perspective, except for your inclusion of managers in parenthesis. Developers take direction and instruction from management, they are not autonomous entities. If management doesn't make security a priority, then only so much secure/defensive code can be

RE: [SC-L] Application Insecurity --- Who is at Fault?

2005-04-06 Thread Michael S Hines
Wonder what happens if we apply that same logic to building design or bridge design and construction? Those who don't place blame at the source are just trying to blame shift. Bad idea.. Mike Hines --- Michael S Hines [EMAIL PROTECTED] -Original

Re: [SC-L] Mobile phone OS security changing?

2005-04-06 Thread Kenneth R. van Wyk
On Wednesday 06 April 2005 09:26, Michael Silk wrote: The last thing I want is my mobile phone updating itself. I imagine that sort of operation would take up battery power, and possibly cause other interruptions ... (can you be on a call and have it update itself?) I vividly remember a lot

Re: [SC-L] Application Insecurity --- Who is at Fault?

2005-04-06 Thread Jeff Williams
I would think this might work, but I - if I ran a software development company - would be very scared about signing that contract... Even if I did everything right, who's to say I might not get blamed? Anyway, insurance would end up being the solution. What you *should* be scared of is a contract

Re: [SC-L] Mobile phone OS security changing?

2005-04-06 Thread Michael Silk
On Apr 7, 2005 3:12 AM, Kenneth R. van Wyk [EMAIL PROTECTED] wrote: On Wednesday 06 April 2005 09:26, Michael Silk wrote: The last thing I want is my mobile phone updating itself. I imagine that sort of operation would take up battery power, and possibly cause other interruptions ... (can

Re: [SC-L] Application Insecurity --- Who is at Fault?

2005-04-06 Thread Michael Silk
Jeff, On Apr 7, 2005 11:00 AM, Jeff Williams [EMAIL PROTECTED] wrote: I would think this might work, but I - if I ran a software development company - would be very scared about signing that contract... Even if I did everything right, who's to say I might not get blamed? Anyway, insurance

Re: [SC-L] Application Insecurity --- Who is at Fault?

2005-04-06 Thread Michael Silk
On Apr 7, 2005 1:16 AM, Goertzel Karen [EMAIL PROTECTED] wrote: I think it's a matter of SHARED responsibility. Yes, the programmers and their managers are directly responsible. But it's consumers who create demand, and consumers who, out of ignorance, continue to fail to make the connection

Re: [SC-L] Mobile phone OS security changing?

2005-04-06 Thread Crispin Cowan
Kenneth R. van Wyk wrote: Greetings, I noticed an interesting article about a mobile phone virus affecting Symbian-based phones out on Slashdot today. It's an interesting read: http://it.slashdot.org/it/05/04/06/0049209.shtml?tid=220tid=100tid=193tid=137 What particularly caught my attention

Re: [SC-L] Application Insecurity --- Who is at Fault?

2005-04-06 Thread Michael Silk
Inline On Apr 7, 2005 1:06 AM, Dave Paris [EMAIL PROTECTED] wrote: And I couldn't disagree more with your perspective, except for your inclusion of managers in parenthesis. Developers take direction and instruction from management, they are not autonomous entities. If management doesn't