Re: [SC-L] Cigital news (European market)
Well, this is hardly a matter of who has a more ancient history, there can be no argument about that. It all ultimately comes down to a business decision. Software security has been picking up in the States because consumers are beginning to demand it explicitly in addition to expecting it implicitly. In some cases security can even be used as a competitive differentiator. I don't know if the same trend is unraveling in Europe, but even if it's not, it makes sense that the European companies would focus on the adoption of software security in order to remain competitive in the US market.

Evgeny

Evgeny Lebanidze
Sr. Security Consultant, Cigital, Inc.
evg...@cigital.com

-----Original Message-----
From: sc-l-boun...@securecoding.org [mailto:sc-l-boun...@securecoding.org] On Behalf Of Benjamin Tomhave
Sent: Tuesday, May 19, 2009 9:56 PM
To: Kenneth Van Wyk
Cc: Secure Coding
Subject: Re: [SC-L] Cigital news (European market)

Kenneth Van Wyk wrote:
> But I just don't get the feeling that they're trying in any way to
> "align themselves with the US market". They'll do their own thing in
> their own time, which is as it should be.
>

That syncs with my limited experience with Europeans, both in the past (the French in particular) and in the present (Dutch). Any suggestion that Europe will "follow" the US is probably an error in judgment and highly likely to offend. We should never forget that we're a mere 233 years old independently compared to their several centuries. The Roman Empire lasted almost twice that long.

-ben

--
Benjamin Tomhave, MS, CISSP
fal...@secureconsulting.net
LI: http://www.linkedin.com/in/btomhave
Blog: http://www.secureconsulting.net/
Photos: http://photos.secureconsulting.net/
Web: http://falcon.secureconsulting.net/

[ Random Quote: ]
"Perfection is not attainable, but if we chase perfection we can catch excellence."
Vince Lombardi

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___

Re: [SC-L] InformIT: Twitter Security
Thought I'd throw this out there in case you hadn't heard already: http://www.fcw.com/Articles/2009/04/10/Web-Facebook-GSA.aspx . It's starting to affect me real-world already. Those of us in the DC area, ramp up your incident response rates now, cause you know it's coming and you know it's going to be good.

-matt.

-----Original Message-----
From: sc-l-boun...@securecoding.org [mailto:sc-l-boun...@securecoding.org] On Behalf Of Gunnar Peterson
Sent: Tuesday, May 19, 2009 5:43 PM
To: Gary McGraw
Cc: Secure Code Mailing List
Subject:

hi gary

one other interesting note on twitter security that i am retweeting from @cykyc & @focalintent: you put your SSN in number-dash format, twitter automatically obfuscates it to XXX-XX-! Now we just need fortune 500 to run twitter instead of ERP, CRM, etc.

-gunnar

On May 15, 2009, at 7:42 AM, Gary McGraw wrote:

> hi sc-l,
>
> It was inevitable---an article about Twitter Security. If my latest
> column were a tweet, it wouldn't have much content. You can be the
> judge about whether a longer form does:
>
> http://www.informit.com/articles/article.aspx?p=1350268
>
> As always, your feedback is welcome.
>
> gem
>
> company www.cigital.com
> podcast www.cigital.com/silverbullet
> blog www.cigital.com/justiceleague
> book www.swsec.com

Re: [SC-L] Cigital news (European market)
Kenneth Van Wyk wrote:
> But I just don't get the feeling that they're trying in any way to
> "align themselves with the US market". They'll do their own thing in
> their own time, which is as it should be.
>

That syncs with my limited experience with Europeans, both in the past (the French in particular) and in the present (Dutch). Any suggestion that Europe will "follow" the US is probably an error in judgment and highly likely to offend. We should never forget that we're a mere 233 years old independently compared to their several centuries. The Roman Empire lasted almost twice that long.

-ben

--
Benjamin Tomhave, MS, CISSP
fal...@secureconsulting.net
LI: http://www.linkedin.com/in/btomhave
Blog: http://www.secureconsulting.net/
Photos: http://photos.secureconsulting.net/
Web: http://falcon.secureconsulting.net/

[ Random Quote: ]
"Perfection is not attainable, but if we chase perfection we can catch excellence."
Vince Lombardi

Re: [SC-L] Cigital news (European market)
On May 20, 2009, at 12:34 AM, Gary McGraw wrote:

> We believe that the European software security market is 2-3 years behind the US market, but poised for rapid growth that will align it with the US market in a much shorter period. From what I can tell, the European market is 14-20% the size of the US market.

My experience there tells me that's an over-simplification of the situation.

On one hand, some of the OWASP chapter meetings I've gone to in Europe have been as well or even better attended than their counterparts I've gone to in the US -- primarily in the DC metro area. And not just in terms of quantity. Many of the folks I've spoken with and worked with have been in many cases as well or even better clued than their US counterparts. So there's clearly an eagerness and awareness among the practitioners and academics, which is good.

European enterprises, on the other hand, tend to be quite conservative in taking to new practices. They want to see clear justifications before diving in.

But I just don't get the feeling that they're trying in any way to "align themselves with the US market". They'll do their own thing in their own time, which is as it should be.

From my own little "nanocosm" perspective, I continue to see the bulk of my consulting engagements coming out of Europe and Southeast Asia. I've found both markets to be quite receptive to software security efforts for the past several years.

Cheers,

Ken

-
Kenneth R. van Wyk
KRvW Associates, LLC
http://www.KRvW.com

(This email is digitally signed with a free x.509 certificate from CAcert. If you're unable to verify the signature, try getting their root CA certificate at http://www.cacert.org -- for free.)

[SC-L] for your consideration
Which Came First: The Software or The Security?
http://www.secureconsulting.net/2009/05/which_came_first_the_software.html

cheers,

-ben

--
Benjamin Tomhave, MS, CISSP
fal...@secureconsulting.net
LI: http://www.linkedin.com/in/btomhave
Blog: http://www.secureconsulting.net/
Photos: http://photos.secureconsulting.net/
Web: http://falcon.secureconsulting.net/

[ Random Quote: ]
"I told the doctor I broke my leg in two places. He told me to quit going to those places."
Henny Youngman

[SC-L] Cigital news (European market)
hi sc-l,

Cigital has acquired the European operations of Security Innovation. A press release went out this morning.

http://www.cigital.com/news/index.php?pg=art&artid=158

We believe that the European software security market is 2-3 years behind the US market, but poised for rapid growth that will align it with the US market in a much shorter period. From what I can tell, the European market is 14-20% the size of the US market.

What do you guys think?

gem

http://www.cigital.com/~gem

Re: [SC-L] InformIT: Twitter Security
hi gary

one other interesting note on twitter security that i am retweeting from @cykyc & @focalintent: you put your SSN in number-dash format, twitter automatically obfuscates it to XXX-XX-! Now we just need fortune 500 to run twitter instead of ERP, CRM, etc.

-gunnar

On May 15, 2009, at 7:42 AM, Gary McGraw wrote:

> hi sc-l,
>
> It was inevitable---an article about Twitter Security. If my latest
> column were a tweet, it wouldn't have much content. You can be the
> judge about whether a longer form does:
>
> http://www.informit.com/articles/article.aspx?p=1350268
>
> As always, your feedback is welcome.
>
> gem
>
> company www.cigital.com
> podcast www.cigital.com/silverbullet
> blog www.cigital.com/justiceleague
> book www.swsec.com