Re: [SC-L] BSIMM-V Article in Application Development Times

2013-12-21 Thread Sammy Migues
Hi Stephen, I agree that would be interesting. While we have data at the firm level for all BSIMM participants, and at the BU level for many BSIMM participants, we don't formally capture data on development methodology (as opposed to software security activities) for each development team

Re: [SC-L] BSIMM-V Article in Application Development Times

2013-12-20 Thread Antti Vähä-Sipilä
In the current BSIMM-V dataset is it possible to narrow the data down to only organisations practising Agile dev? I think it would be interesting to see which BSIMM activities are popular with agile houses, and which not. One of the reasons not to do this is that publishing data that would

[SC-L] US DoD RFI on software assurance

2013-12-20 Thread Jeremy Epstein
All, This may be of interest - an RFI is a way to both provide information and influence future procurements by pointing out areas that need to be emphasized. https://www.fbo.gov/index?s=opportunity&mode=form&id=3c867a45671f0cde56fca2bf81bdaf44&tab=documents&tabmode=list --Jeremy

[SC-L] BSIMM-V Article in Application Development Times

2013-12-17 Thread Gary McGraw
hi sc-l, From time to time we talk about getting to the dev community here. This article is at least in the right publication! Read it and pass it on: http://adtmag.com/blogs/watersworks/2013/12/bsimm-v-released.aspx Salubrious solstice! One week and one day to go. gem

[SC-L] CFP: WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS

2013-12-10 Thread Larry Koved
WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS IMPORTANT DATES Paper submission deadline: February 26, 2014 (11:59pm US-PST) Workshop acceptance notification date: March 29, 2014 Workshop date: Sunday, May 18, 2014 Workshop paper submission web site:

[SC-L] Silver Bullet 92: Jon Callas

2013-11-27 Thread Gary McGraw
hi sc-l, Just in time for turkey-induced coma listening time, Silver Bullet episode 92 features Jon Callas. Jon is an old school geek (on the net since 1979) who has occupied a front row seat during all of the crypto wars. His company Silent Circle is actively trying to build a real secure

[SC-L] Silver Bullet 91: Caroline Wong

2013-10-30 Thread Gary McGraw
hi sc-l, Episode 91 of Silver Bullet features a conversation with Cigital's Caroline Wong. We talk a lot about BSIMM (behind the scenes) as part of the BSIMM-V launch. BSIMM-V will be officially released at 9am EST 10.30.13! As an experienced practitioner (Symantec, eBay, Zynga), Caroline

[SC-L] BSIMM-V is alive

2013-10-30 Thread Gary McGraw
hi sc-l, I am proud to announce that the BSIMM-V document is complete and the website has been entirely revised/updated. Please download a copy of BSIMM-V today: http://bsimm.com BSIMM-V describes the software security initiatives at sixty-seven firms, including: Adobe, Aetna, Bank of

[SC-L] Silver Bullet 90: Matthew Green

2013-10-05 Thread Gary McGraw
hi sc-l, On one of the best Silver Bullet security podcasts in many a moon, I interview Matthew Green, research professor at Johns Hopkins University. Remember that university professor whose NSA-related posting was given a takedown notice? That was Matthew. Find out what he thought of all

[SC-L] Atlanta event OCT 1st

2013-09-25 Thread Gary McGraw
hi sc-l, As part of gearing up our Atlanta office, Cigital is co-sponsoring an event with TAG (Technology Association of Georgia) on Tuesday October 1st. The event will feature a fireside chat with Marcus Ranum and me about software and software security. Why is software still so bad, and

Re: [SC-L] [External] Re: Sad state of affairs

2013-09-24 Thread Goertzel, Karen [USA]
I agree that ONE end goal of software security is to safeguard data - but it is not the only goal...and may not even be the primary goal, depending on the type of system the software is part of. In a safety-critical system, safeguard the data takes on a very different meaning from what one

Re: [SC-L] [External] Sad state of affairs

2013-09-24 Thread Goertzel, Karen [USA]
On the other hand, isn't it somewhat analogous to hiring 24/7 armed security guards and installing a state of the art physical security system in a museum, and passing and enforcing strict laws against grand larceny? The secure coding alternative would be for museums to stop displaying

Re: [SC-L] [External] Re: Sad state of affairs

2013-09-24 Thread Bobby G. Miller
So all it takes to call code secure is to apply sufficient quantities of bandaids, bubblegum and barbed wire? Job security yes, secure coding NO. Just my opinion, but I think we need to hold to a much higher standard. On Mon, Sep 23, 2013 at 6:08 AM, Goertzel, Karen [USA]

Re: [SC-L] Sad state of affairs

2013-09-21 Thread Rafal Los
Wait a minute, this relationship is a bit confused I think. Prasad said it well- often the result of a maturing software security program is that the simple and easy bugs disappear and the ones that are left are difficult to find and complex in exploitation. This is known as eliminating the

Re: [SC-L] Sad state of affairs

2013-09-21 Thread Jeffrey Walton
On Fri, Sep 20, 2013 at 11:34 PM, Rafal Los ra...@ishackingyou.com wrote: Wait a minute, this relationship is a bit confused I think. Prasad said it well- often the result of a maturing software security program is that the simple and easy bugs disappear and the ones that are left are

Re: [SC-L] Sad state of affairs

2013-09-20 Thread Prasad Shenoy
Well, one of the objectives of employing secure coding practices is just that - to raise the cost and complexity of exploiting bugs. Cheers, Prasad On Sep 20, 2013, at 7:47 PM, Bobby G. Miller b.g.mil...@gmail.com wrote: I was just listening to a podcast interviewing a security executive

Re: [SC-L] Sad state of affairs

2013-09-20 Thread Jeffrey Walton
On Fri, Sep 20, 2013 at 7:47 PM, Bobby G. Miller b.g.mil...@gmail.com wrote: I was just listening to a podcast interviewing a security executive from a prominent vendor. The response to vulnerabilities was to raise the cost/complexity of exploiting bugs rather than actually employing secure

[SC-L] HP Protect keynote

2013-09-19 Thread Gary McGraw
hi sc-l, HP just put up a video of the keynote I delivered yesterday at HP Protect. Here it is! http://www.cigital.com/justice-league-blog/2013/09/17/zombies-just-what-dr-mcgraw-ordered/ gem p.s. Who knows Dinis in a can??

Re: [SC-L] SearchSecurity: Architecture Risk Analysis

2013-09-19 Thread Gary McGraw
hi marinus, Sorry for the (spam filter related) delay! Two of the steps that we define in the ARA article address your idea directly. Step1: known-attack analysis certainly leverages knowledge about components, packages, and design patterns (associated with known attacks) and stuff you

[SC-L] SearchSecurity: Architecture Risk Analysis

2013-09-17 Thread Marinus van Aswegen
Gary, We have a step where we figure out how the various architectures intersect and synthesize together. After all you inherit more than you define and deliver. Marinus - hi sc-l, Software security in general spends a lot of time talking about bugs---too much time, I believe. We all know

[SC-L] SearchSecurity: Architecture Risk Analysis

2013-09-15 Thread Gary McGraw
hi sc-l, Software security in general spends a lot of time talking about bugs---too much time, I believe. We all know that software defects come in two major subclasses: bugs (in the implementation) and flaws (in the design). So, how do you find and FIX flaws? That's what this month's

[SC-L] HP Protect Keynote (next week 9.17.13)

2013-09-15 Thread Gary McGraw
hi sc-l, This year's keynote talk at HP Protect will be all about software security. How do I know? Well, I'm giving the talk. You can register here if you want to attend HP Protect in Washington, DC. http://h30627.www3.hp.com/ The Discover Performance magazine featured an article about

Re: [SC-L] HP Protect Keynote (next week 9.17.13)

2013-09-15 Thread Dinis Cruz
I'll be there and am looking forward to seeing it Can you cover the need to: a) 'talk' to developers using UnitTests, b) stop giving developers PDFs/badometers , c) create security Labels for APIs/Apps and d) use open source tools like the O2 Platform (and ThreadFix) to integrate+glue the

Re: [SC-L] HP Protect Keynote (next week 9.17.13)

2013-09-15 Thread Gary McGraw
hi dinis, I will be covering the basics for sure. I agree with all of your points below. The trickiest one you bring up is security labels which though it may be a good idea is a political swamp. I am up for an HP Protect band, but I am pretty sure such an idea has never crossed the

[SC-L] OWASP Top Ten - Comparison of 2013, 2010, 2007, 2004 and 2003 Releases

2013-08-12 Thread Christian Heinrich
The comparison of the 2013, 2010, 2007, 2004 and 2003 releases of the OWASP Top Ten can be downloaded from https://github.com/cmlh/OWASP-Top-Ten-2013/releases -- Regards, Christian Heinrich http://cmlh.id.au/contact

[SC-L] SearchSecurity: 5 Tech Trends and Software Security

2013-08-11 Thread Gary McGraw
hi sc-l, SearchSecurity just posted my August article about the intersection of software security and 5 major tech trends. It is enhanced with BSIMM data to spice it up. Have a read http://bit.ly/137efaX (and pass it on!). Here is a (big ass) URL for Kevin:

[SC-L] Silver Bullet 88: Christian Collberg

2013-08-01 Thread Gary McGraw
hi sc-l, Christian Collberg has been among the best academicians in software protection for over a decade. His book Surreptitious Software which is really about obfuscation, watermarking and digital content protection is part of my Software Security Series http://buildingsecurityin.com.

[SC-L] Ruxcon 2013 Final Call For Papers

2013-07-16 Thread cfp
Ruxcon 2013 Final Call For Papers Melbourne, Australia, October 26th-27th CQ Function Centre http://www.ruxcon.org.au/call-for-papers/ The Ruxcon team is pleased to announce the final call for papers for Ruxcon. This year the conference will take place over the weekend of the 26th and 27th of

Re: [SC-L] OWASP Podcast 95 is live!

2013-07-03 Thread Charlie Derr
On 07/02/2013 02:55 AM, Jeffrey Walton wrote: Hi Jim, Do you know if there is a slide deck available with the talk? It sounds like there is, but Dr. Bernstein's Talk page (http://cr.yp.to/talks.html) does not list an OWASP talk. Jeff I found what seemed to be the right deck on djb's talks

Re: [SC-L] OWASP Podcast 95 is live!

2013-07-03 Thread Andri Möll
There's also a Flash thingie that shows the slides in sync with the audio at SecAppDev's site: http://secappdev.org/lectures/144 Haven't found a video with a human in it, yet. Wonder if it exists somewhere... Andri [http://themoll.com] On Jul 2, 2013, at 9:55 AM, Jeffrey Walton

Re: [SC-L] OWASP Podcast 95 is live!

2013-07-02 Thread Jim Manico
http://www.secappdev.org/handouts/2012/Dan%20J.%20Bernstein/worst%20practices.pdf -- Jim Manico @Manicode (808) 652-3805 On Jul 1, 2013, at 8:55 PM, Jeffrey Walton noloa...@gmail.com wrote: Hi Jim, Do you know if there is a slide deck available with the talk? It sounds like there is, but Dr.

Re: [SC-L] OWASP Podcast 95 is live!

2013-07-02 Thread Jeffrey Walton
Hi Jim, Do you know if there is a slide deck available with the talk? It sounds like there is, but Dr. Bernstein's Talk page (http://cr.yp.to/talks.html) does not list an OWASP talk. Jeff On Wed, Jun 26, 2013 at 12:08 AM, Jim Manico jim.man...@owasp.org wrote: I'm very pleased to announce that

[SC-L] OWASP Podcast 95 is live!

2013-07-01 Thread Jim Manico
I'm very pleased to announce that OWASP Podcast 95 is live! Special thanks to Thomas Herlea who helped edit and produce this show. This episode features Dan J. Bernstein, a computer science research professor from the University of Illinois. He is speaking on Cryptography Worst Practices. Dan is

[SC-L] Top 5 Reasons to Implement Threat Modeling

2013-07-01 Thread Reef Dsouza
Hi Secure Coders, As always, the Verizon Data Breach report highlighted some interesting stats on attacks and breaches over the last year. And, no surprise that hacking accounts for a high chunk of those attack vectors, with SQL Injection still prominent. In order to build software securely, we

[SC-L] Silver Bullet 87: James Walden

2013-07-01 Thread Gary McGraw
hi sc-l, Last month, Cigital consultant Joe Harless suggested that I interview his NKU professor James Walden. It was a good idea. Thanks Joe. I have known James for years. He uses Software Security in some of his classes and he thinks about software security all day. Trained as a

[SC-L] TechTarget: Proactive Security in Financial Services

2013-06-10 Thread Gary McGraw
hi sc-l, The Financial Services sector is an important advocate for real software security. At FS-ISAC this Spring in Florida, I moderated a panel about that (including JP Morgan Chase, Capital One and Fidelity). The panel resulted in a writeup posted today (and published in Information

Re: [SC-L] Need a help for an article

2013-06-04 Thread vanderaj vanderaj
Hi Punit, Good on you for selecting information security as a topic of interest. We need more grads in our field! The state of the art for buffer overflows, heap overflows, and other memory corruption bugs is so advanced that it may take you a little while to get on top of it before being able

[SC-L] Silver Bullet 86: Wenyuan Xu

2013-05-31 Thread Gary McGraw
hi sc-l, Ever wonder what it is like to be a Chinese scholar living and teaching in the US or a woman teaching computer science and engineering? We talk about that in the 86th episode of the Silver Bullet Security Podcast featuring University of South Carolina professor Wenyuan Xu:

[SC-L] SecAppDev hits the road

2013-05-22 Thread Kenneth R. van Wyk
Greetings SC-L subscribers, I suspect many of you have heard of SecAppDev (http://secappdev.org) over the years. It's a non-profit training event that has hitherto been held in Leuven, Belgium for 1 week each Feb/Mar. Well, we're excited to say that this year we've added a second event:

[SC-L] 2013 OWASP Mobile Top 10 Call For Data

2013-05-21 Thread Jim Manico
Hello All, We are pleased to announce the 2013 call for data to help refresh the Mobile Top 10 Risks for 2013 and publish a more formal publication. We are encouraging everyone to get involved. The current Mobile Top Ten Risks are located here:

[SC-L] MoST 2013 - Mobile Security and Technology workshop - final call for participation

2013-05-20 Thread Larry Koved
Call for participation: One week until the workshop! The workshop and program chairs invite you to participate in the 2nd MoST workshop. Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers, and hardware and software developers of mobile systems to

[SC-L] W2SP 2013 - Web 2.0 Security and Privacy workshop - Final call for participation

2013-05-20 Thread Larry Koved
Call for participation: Only three weeks until the workshop! The workshop and program chairs invite you to participate in the 7th W2SP workshop. The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web

[SC-L] Correction: W2SP 2013 - Web 2.0 Security and Privacy workshop - Final call for participation

2013-05-20 Thread Larry Koved
*** My apologies for another email. Only ONE week until the workshop! *** Call for participation: Only ONE week until the workshop! The workshop and program chairs invite you to participate in the 7th W2SP workshop. The goal of this one-day workshop is to bring together researchers and

[SC-L] CFP: Workshop on Risk Perception in IT Security and Privacy at SOUPS

2013-05-20 Thread Larry Koved
Short position statements due next Thursday, May 30 Workshop on Risk Perception in IT Security and Privacy A workshop of the Symposium On Usable Privacy and Security (SOUPS) http://cups.cs.cmu.edu/soups/2013/ For full details, please see: http://cups.cs.cmu.edu/soups/2013/risk.html This

[SC-L] Ruxcon 2013 Call For Papers

2013-05-08 Thread cfp
Ruxcon 2013 Call For Presentations Melbourne, Australia, October 26th-27th CQ Function Centre http://www.ruxcon.org.au/call-for-papers/ The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2013. This year the conference will take place over the weekend of the 26th and

[SC-L] W2SP 2013 - Web 2.0 Security and Privacy workshop - call for participation

2013-05-03 Thread Larry Koved
Only three weeks until the workshop. Call for participation! The workshop and program chairs invite you to participate in the 7th W2SP workshop. The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web

[SC-L] Silver Bullet 85:Mobile Security with Jim Routh and Scott Matsumoto

2013-05-03 Thread Gary McGraw
hi sc-l, Is mobile security a brand new day or the same old same old? The answer depends on how you look at the problem. If you are a practitioner in the trenches, there are many new and interesting shiny bits to mobile security. If you are a security veteran, things look very familiar. In

Re: [SC-L] BSIMM Diagrams

2013-04-23 Thread Craig Heath
Thanks Ivan! Unfortunately I wasn't able to look at this straight away, and when I go to the link now I get ME-ERR-002 Sorry, we couldn't find the page you were looking for. Would you be able to put it up again? Cheers! - Craig. On 18 April 2013 20:13, Iván Arce ivan.w.a...@gmail.com wrote:

Re: [SC-L] BSIMM Diagrams

2013-04-19 Thread Daniel Halber
Thanks for sharing Ivan, However, java in the browser is not acceptable, so could you please find another way to share the visualization tool please? This may not be an easy request to fulfill since I would not launch any executable code (java or otherwise), without a minimal level of assurance...

[SC-L] c0c0n 2013 - Call For Papers and Call For Workshops

2013-04-06 Thread c0c0n International Information Security Conference

[SC-L] ANNOUNCING: #MobAppSecTri Scholarship Program

2013-03-18 Thread Kenneth R. van Wyk
Hey SC-Lers, Gunnar Peterson (@OneRaindrop) and I (@KRvW) are once again giving away to a few deserving Mobile App Developers a small number of FREE tickets to our next Mobile App Sec Triathlon. If you know any deserving students / interns (especially in the greater New York City region),

[SC-L] CFP: International Workshop on Secure Software Engineering (SecSE-13@AReS)

2013-03-05 Thread Martin Gilje Jaatun
Hi SC-L, Just a short mail to remind you that we are organizing SecSE for the seventh time - this year on September 3rd in historic Regensburg, Germany. As an added bonus, Gary McGraw has agreed to give an invited talk on BSIMM4, in addition to the tutorial on software security he will give

[SC-L] BSIMM talk at RSA

2013-02-28 Thread Gary McGraw
hi sc-l, Please come hear my talk Bug Parades, Zombies and the BSIMM: A Decade of Software Security today at the RSA Conference. The talk is at 10:40am in room 132. I'll be making some of the BSIMM Update data from the RSA BSIMM Mixer public. 63 firms and counting. gem

[SC-L] Fwd: [Owasp-igoat-project] OWASP iGoat version 2.0 RELEASED!!!

2013-02-26 Thread Kenneth R. van Wyk
Greetings SC-L, For all of you who are interested in mobile app sec (or interested in learning more about it), we released OWASP iGoat version 2.0 today. See the details in our announcement below. Cheers, Ken van Wyk Begin forwarded message: From: Kenneth R. van Wyk k...@krvw.com Subject:

[SC-L] Software Security on MSNBC Sunday morning TV (9:20am)

2013-02-24 Thread Gary McGraw
hi sc-l, I am slated to be a guest on MSNBC's Up With Chris Hayes tomorrow morning (Sunday 2.24) 9:20-10:00am. They wanted to fly me to NY for the show, but the plan now is to do this from the DC studios. We'll be talking about Cyber War. About the show:

Re: [SC-L] Software Security on MSNBC Sunday morning TV (9:20am)

2013-02-24 Thread Gary McGraw
hi sc-l, It's still early on Sunday, but here is a pointer to the episode: http://nbcnews.to/YqeokE gem From: gem g...@cigital.com Date: Saturday, February 23, 2013 4:21 PM To: Secure Code Mailing List SC-L@securecoding.org Subject: Software

[SC-L] See you next week at RSA 2013

2013-02-22 Thread Gary McGraw
hi sc-l, I know many sc-l readers will be headed out to San Francisco next week for the usual week of chaos surrounding RSA. Should be a blast as always. This year I am involved in two public appearances at the RSA conference, both of which will discuss software security explicitly. The

Re: [SC-L] Chinese Hacking, Mandiant and Cyber War

2013-02-21 Thread Glenn Everhart
There have been reports about military and industrial secrets and what ought to be secrets being sent to China for decades now. It has been clear (at least in these reports) that US companies were required to have their technology built within China in order to have access to Chinese markets,

[SC-L] CFP: MoST 2013 - Mobile Security and Technology workshop -- DEADLINE EXTENSION

2013-02-21 Thread Larry Koved
To avoid conflict with a major conference deadline this week and to accommodate popular requests, we have extended the submission deadline of MoST 2013 to March 1 and the notification deadline to March 29. Mobile Security Technologies (MoST) brings together researchers, practitioners, policy

[SC-L] Apple Employees Hacked By Visiting iPhoneDevSDK - Mac Rumors

2013-02-20 Thread Kenneth R. van Wyk
Here is an interesting twist to the recent Apple hack. I hope no SC-Lers are using iphonedevsdk! http://www.macrumors.com/2013/02/19/apple-employees-hacked-by-visiting-iphonedevsk/ Cheers, Ken van Wyk KRvW Associates, LLC

[SC-L] Chinese Hacking, Mandiant and Cyber War

2013-02-20 Thread Gary McGraw
hi sc-l, No doubt all of you have seen the NY Times article about the Mandiant report that pervades the news this week. I believe it is important to understand the difference between cyber espionage and cyber war. Because espionage unfolds over months or years in realtime, we can triangulate

Re: [SC-L] [External] Chinese Hacking, Mandiant and Cyber War

2013-02-20 Thread Goertzel, Karen [USA]
I agree - and grow increasingly frustrated with those who insist on confusing cyber war with cyber espionage (and vice versa). But I've found it's quite easy to get them to understand the difference by simply asking them to drop the prefix cyber from each. Cyber war is simply war fought on an

Re: [SC-L] Chinese Hacking, Mandiant and Cyber War

2013-02-20 Thread Jeffrey Walton
On Wed, Feb 20, 2013 at 9:34 AM, Gary McGraw g...@cigital.com wrote: hi sc-l, No doubt all of you have seen the NY Times article about the Mandiant report that pervades the news this week. I believe it is important to understand the difference between cyber espionage and cyber war.

[SC-L] Won't it be great if they can finally make survivable software-intensive systems a reality?

2013-02-19 Thread Goertzel, Karen [USA]
http://www.newscientist.com/article/mg21729045.400-the-computer-that-never-crashes.html === Karen Mercedes Goertzel, CISSP Lead Associate Booz Allen Hamilton 703.698.7454 goertzel_ka...@bah.com If you're not failing every now and again, it's a sign you're not doing anything very innovative. -

[SC-L] Active Defense is Irresponsible

2013-02-13 Thread Gary McGraw
hi sc-l, This morning, NPR did a story http://www.npr.org/2013/02/13/171843046/victims-of-cyberattacks-now-going-on-offense-against-intruders about the idea of Active Defense which basically boils down to attacking the people who (may have) attacked you. (Key question: who is it that REALLY

[SC-L] Call for Presentations: OWASP AppSec Research EU 2013

2013-02-07 Thread Martin Johns
[Apologies for multiple copies of this announcement] = Call for Presentations: OWASP AppSec Research EU 2013 = The German Chapter of the Open Web Application Security Project (OWASP) is proud to organize this year's OWASP AppSec Research EU conference. OWASP AppSec conferences are the

[SC-L] CFP: MoST 2013 - Mobile Security and Technology workshop (2nd call)

2013-01-26 Thread Larry Koved
On behalf of the workshop co-chairs and program chair, we would like to invite you to participate in the second Mobile Security Technologies (MoST) Workshop. http://mostconf.org/2013/ Mobile Security Technologies (MoST) 2013 is co-located with The 34th IEEE Symposium on Security and Privacy

[SC-L] CFP: W2SP 2013 - Web 2.0 Security and Privacy workshop (2nd call)

2013-01-26 Thread Larry Koved
On behalf of the workshop co-chairs and program chair, we would like to invite you to participate in the seventh Web 2.0 Security and Privacy workshop. http://w2spconf.com/2013/cfp.html Web 2.0 Security and Privacy workshop is co-located with The 34th IEEE Symposium on Security and Privacy (IEEE

Re: [SC-L] SearchSecurity: 13 Design Principles for 2013

2013-01-17 Thread Gunnar Peterson
Good piece. Saltzer and Schroeder's work is the deus ex machina in so much of security. On the software side, esp in the case of Twitter, Facebook et al, the equivalent is David Gelernter. I did a mashup of these titans and I must say I think there is a fair(and increasing) amount of impedance

Re: [SC-L] SearchSecurity: 13 Design Principles for 2013

2013-01-17 Thread Gary McGraw
Excellent idea Gunnar! This is the kind of conceptual comparison that we don't do enough of. gem From: Gunnar Peterson gun...@arctecgroup.net Reply-To: Gunnar Peterson gun...@arctecgroup.net Date: Thursday, January 17, 2013 6:39 PM To:

[SC-L] CFP: MoST 2013 - Mobile Security and Technology workshop

2012-12-17 Thread Larry Koved
On behalf of the workshop co-chairs and program chair, we would like to invite you to participate in the second Mobile Security Technologies (MoST) Workshop. Mobile Security Technologies (MoST) 2013 is co-located with The 34th IEEE Symposium on Security and Privacy (IEEE SP 2013)

[SC-L] SearchSecurity: Twelve Most Common BSIMM Activities

2012-12-09 Thread Gary McGraw
hi sc-l, Greetings from NOLA where I am sailing this weekend. Ever wonder what the twelve most common software security activities are? Because of the BSIMM data, we actually know. Have a look for yourself:

Re: [SC-L] Silver Bullet: Thomas Rid

2012-12-06 Thread Ali-Reza Anghaie
Well done gentlemen! I think the interview (debate at times) was extremely well done - there was some synergy in views, some flushing out of semantics, details, .. Well. Done. -Ali On Fri, Nov 30, 2012 at 11:25 PM, Gary McGraw g...@cigital.com wrote: hi sc-l, Earlier this month, I had the

Re: [SC-L] Security in open source components

2012-10-26 Thread Christian Heinrich
Grant, ... and http://www.scmagazine.com.au/News/320617,redhat-project-fights-java-vulnerabilities.aspx was published yesterday (25 Oct). On Mon, Oct 1, 2012 at 3:19 PM, Christian Heinrich christian.heinr...@cmlh.id.au wrote: Grant, Below are the discussions related to Maven and the paper

[SC-L] OWASP Podcast 93

2012-10-02 Thread Jim Manico
SC-L, I'm very pleased to announce that OWASP Podcast 93, an interview with Frank Piessens from SecAppDev.org, is now live! http://secappdev.org/pages/31 In this show, Frank discusses why secure development is so difficult and presents various potential solutions to the problem being

Re: [SC-L] Security in open source components

2012-10-02 Thread Christian Heinrich
Grant, Below are the discussions related to Maven and the paper referenced: 1. http://krvw.com/pipermail/sc-l/2012/002786.html 2. http://krvw.com/pipermail/sc-l/2012/002788.html On Fri, Sep 28, 2012 at 9:10 AM, Grant Murphy gmur...@redhat.com wrote: I don't have the original mail but some time

Re: [SC-L] BSIMM4 Released Today

2012-09-27 Thread Gary McGraw
hi sc-l, Once every blue moon, software security makes it into the major press. BSIMM4 did it today. http://blogs.wsj.com/cio/2012/09/26/bank-cyberattacks-underscore-need-for-security-processes/ I think it's great when the major players get past the train wreck mentality that seems to

[SC-L] BSIMM4 Released Today

2012-09-18 Thread Gary McGraw
hi sc-l, Today we released BSIMM4, the fourth edition of the BSIMM model built directly from data observed in 51 firms. If you ever wonder what software assurance looks like in commercial practice (and how to measure it), the BSIMM sheds plenty of light on current practice. Download a copy

[SC-L] ANNOUNCING: MobAppSecTri Scholarship Program

2012-09-18 Thread Kenneth R. van Wyk
Hey SC-Lers, We're giving away to a few deserving Mobile App Developers a small number of FREE tickets to our Mobile App Sec Triathlon. If you know any deserving students / interns, point them in our direction for a chance to get a free seat. See

[SC-L] AppSec Security CBT - Top 10

2012-09-14 Thread Thomas Brennan
FREE *NO-SIGN-UP* on demand, online software security for you and anyone you want to share it with -- just tech fun https://www.trustwave.com/sae_sample/owasp-top-10/Start.htm Time to make the popcorn and/or pour a glass of scotch ;) If you have any questions you're welcome to ring me at

[SC-L] OWASP Cheat Sheet for iOS Developers

2012-09-11 Thread Kenneth R. van Wyk
Hi SC-L, Hey, it dawned on me that I never posted a pointer to the OWASP iOS Developer Cheat Sheet that was published a couple months ago. https://www.owasp.org/index.php/IOS_Developer_Cheat_Sheet As the initial author of the cheat sheet, I'd sure love to get feedback and -- better yet --

[SC-L] Mobile app security blog, FYI

2012-09-07 Thread Kenneth R. van Wyk
Greetings SC-L, FYI, Gunnar Peterson (@OneRaindrop) and I (@KRvW) launched a blog last month on the topic of mobile app security. The blog can be found at http://mobappsectriathlon.blogspot.com Full disclosure: On the blog, you will see advertisements for the MobAppSecTriathlon event that

[SC-L] Silver Bullet 77: Gary Warzala of Visa

2012-08-28 Thread Gary McGraw
hi sc-l, Greetings from Buenos Aires where I am pushing the software security agenda in South America this week in a series of four talks. Silver Bullet's 77th episode features Gary Warzala, CISO of Visa. Our discussion mirrors some of what we talked about during our fireside chat in

Re: [SC-L] SearchSecurity: Cyber Security and the Law

2012-08-09 Thread Iván Arce
Gary, Could you elaborate a bit more? Specifically, what kind of incentives you have in mind? How would they work? The debate about what to do to improve software security at a national or larger scale is mostly populated with abstractions and generic ideas but the enumeration and description of

Re: [SC-L] SearchSecurity: Cyber Security and the Law

2012-08-09 Thread Lucas Ferreira
All, OWASP has a document which was targeted at the Brazilian government at first and then translated into English. It contains several proposals of government actions to improve the application security (and information security) landscape. The English version is available here:

Re: [SC-L] SearchSecurity: Cyber Security and the Law

2012-08-08 Thread Gary McGraw
hi greg, Good question. I'm biased of course, but I think a BSIMM type measurement is the best way to approach this. (See http://bsimm.com.) However, regardless of measurement I strongly believe that incentives are way better than regulations and penalties. Because the Senate bill was blocked

[SC-L] SearchSecurity: Cyber Security and the Law

2012-08-02 Thread Gary McGraw
hi sc-l, This month's [in]security article takes on Cyber Law as its topic. The US Congress has been debating a cyber security bill this session and is close to passing something. Sadly, the Cybersecurity and Internet Freedom Act currently being considered in the Senate (as an answer to the

Re: [SC-L] SearchSecurity: Cyber Security and the Law

2012-08-02 Thread Jeffrey Walton
Hi Dr. McGraw, Cyber Intelligence Sharing and Protection Act (CISPA, passed by the House in April) has very little to say about building security in. I'm convinced (in the US) that users/consumers need a comprehensive set of software liability laws. Consider the number of mobile devices that

Re: [SC-L] SearchSecurity: Cyber Security and the Law

2012-08-02 Thread Gary McGraw
Hi Jeff, I'm afraid I disagree. The hyperbolic way to state this is, imagine YOUR lawyer faced down by Microsoft's army of lawyers. You lose. Software liability is not the way to go in my opinion. Instead, I would like to see the government develop incentives for good engineering. gem On

Re: [SC-L] SearchSecurity: Cyber Security and the Law

2012-08-02 Thread Greg Beeley
How would we recognize good engineering? It seems to me like the very same problem faced by the idea of software liability law - that it is hard to define good engineering for software security - would be faced by an incentive program. If good engineering is fuzzy enough to give a big corporate

[SC-L] Silver Bullet 76: David Evans

2012-07-30 Thread Gary McGraw
hi sc-l, The 76th episode of Silver Bullet features a chat with Dave Evans, a professor at UVa and a well-respected security researcher. David and I discuss (among other things) the founding of the Interdisciplinary Major in Computer Science (BA) at UVa and why a broad approach to Computer

Re: [SC-L] Silver Bullet 76: David Evans

2012-07-30 Thread Gary McGraw
Oops! forgot to include the URL. Here it is: http://www.cigital.com/silver-bullet/show-076/ gem From: gem g...@cigital.com Date: Friday, July 27, 2012 2:27 PM To: Secure Code Mailing List SC-L@securecoding.org Cc: David Evans

[SC-L] OWASP Cheat Sheet for iOS App Developers

2012-07-18 Thread Kenneth R. van Wyk
Title: OWASP Cheat Sheet -- iOS App Developers Author: Kenneth R. van Wyk Source: OWASP - the Open Web Application Security Project Date Published: 2012-07-17 Excerpt: This document is written for iOS app developers and is intended to provide a set of basic pointers to vital aspects of

Re: [SC-L] SearchSecurity: Mobile Security = Software Security

2012-07-15 Thread Martin Gilje Jaatun
Hi Gary, I agree with everything you write in the article (although I was a bit peeved at having to register to read it...). It ties nicely in with a related topic that is being discussed a lot recently: The danger of QR codes, where people argue that you shouldn't scan QR codes with your

Re: [SC-L] SearchSecurity: Mobile Security = Software Security

2012-07-15 Thread Gary McGraw
hi martin, Great to see you in Athens this week. Sorry about the registration thing. As an author, I get very little say in the matter. I hope you registered as Mickey Mouse or Bill Gates. gem On 7/15/12 2:50 PM, Martin Gilje Jaatun secse-ch...@sislab.no wrote: Hi Gary, I agree with

[SC-L] SearchSecurity: Mobile Security = Software Security

2012-07-09 Thread Gary McGraw
hi sc-l, In April, my monthly [in]security column moved over to SearchSecurity (TechTarget). This month's installation appears in Information Security magazine as well as on the usual websites. Because of all of the great work Cigital has done in mobile security, there was plenty of fodder

[SC-L] Application Security Quiz

2012-06-28 Thread Anurag Agarwal
After speaking with a lot of developers we realized they are looking for a fun, quick way to enhance their knowledge about the secure coding aspects of development. We have put together a series of interactive quizzes which test security professionals' and software developers' secure development

[SC-L] nullcon Delhi 2012 Final call for Paper/Events (extended to 10th July) and First round of speakers

2012-06-17 Thread nullcon
Hi All, nullcon team is pleased to announce: - First round of speakers - Prototype Talks - Exhibition/Demo Zone - Job Fair - Final Call for Events and Call for Papers for Delhi 2012 First round of speakers: 1. Mr. Raghu Raman (CEO NATGRID) - Keynote 1

[SC-L] Flame provides an opportunity

2012-05-31 Thread Gary McGraw
hi sc-l, Whenever a computer security disaster story breaks (pretty much the only kind of coverage cyber security can expect in the major press) we have an opportunity (while people are paying attention) to talk about how to avoid future disasters. If we're lucky, we can leverage the NASCAR

[SC-L] Silver Bullet 74: Bruce Schneier

2012-05-31 Thread Gary McGraw
hi sc-l, There are exactly two security gurus we have covered twice in Silver Bullet: Ross Anderson (who holds the all time record for hits) and Bruce Schneier. Both are very interesting thinkers and thought leaders in computer security. Episode 74 is the second Silver Bullet conversation
