Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread John Wilander
A positive side effect of many vendors being US-based is that the US market takes most of the buzzword marketing hit. :) On a more serious note, I think there really are APTs out there, state-driven and all. The problem is when organizations use the term to get away with sub-standard security

[SC-L] Official OWASP Summit Challenge

2011-01-23 Thread John Wilander
will be there. The authors of (my) favorite appsec books will be there. Best thing of all? You are most welcome to join! http://www.owasp.org/index.php/OWASP_Summit_2011 Get going with the Challenge – http://makeXORbreak.com Best regards, John Wilander -- John Wilander, https://twitter.com/johnwilander Chapter

[SC-L] OWASP AppSec Research 2010 - Call for Papers

2009-06-24 Thread John Wilander
• Christoph Kern, Google • Sergio Maffeis, Imperial College London Organizing Committee • John Wilander, chapter leader Sweden (chair) • Mattias Bergling (vice chair) • Alan Davidson, Stockholm University/Royal Institute of Technology (co-host) • Ulf Munkedal, chapter leader Denmark

[SC-L] The problem with (Java's) Security Policy (Was: Unclassified NSA document on .NET 2.0 Framework Security)

2008-11-25 Thread John Wilander
wrong please tell me what to do. I'd really like to deploy maintainable security policies. Mark Petrovic has written some good things on this issue (http://www.onjava.com/pub/a/onjava/2007/01/03/discovering-java-security-requirements.html). Regards, John Wilander -- John Wilander, Security

[SC-L] Web Services vs. Minimizing Attack Surface

2006-08-15 Thread John Wilander
are all about exposing functionality to offer interoperability. Have any of you had discussions on the seemingly obvious conflict between these things? I would be very happy to hear your conclusions and opinions! Regards, John John Wilander, PhD student Computer

Re: [SC-L] bumper sticker slogan for secure software

2006-07-21 Thread John Wilander
precise. But it's short and does the trick for me---it separates adding security functions from trying to secure all functions in the system (during all phases). Regards, John John Wilander, PhD Student Computer and Information Sc. Linkoping University, Sweden http