McGovern, James F (HTSC, IT) [mailto:[EMAIL PROTECTED] writes:
> the value of tools in this space are not really targeted at developers
> but should be targeted at executives who care about overall quality and
> security folks who care about risk. While developers are the ones to
> remediate
Michael S Hines [mailto:[EMAIL PROTECTED] writes:
> Product integration - why have an editor, separate source code analyzer,
> separate 'lint' product, compiler, linker, object code analyzer, Fuzz
> testing tools, etc...apart from marketing and revenue stream - it
> doesn't help the develo
Robin Sheat [mailto:[EMAIL PROTECTED] wonders:
> What I did was take the user's password to create a key
What happens when the user changes his password? I didn't quite follow it all,
but it looks to me like that means that all of a user's data has to be
decrypted and re-encrypted. You didn'
McGovern, James F (HTSC, IT) [mailto:[EMAIL PROTECTED] writes:
> I just conducted a super-official study of what my peers are reading by
> walking a total of five aisles within a very large building. Here is a
> list of magazines on folks' desks:
>
> - Infoworld
> - Java Developers Journal
[EMAIL PROTECTED] writes:
> certifications such as CISSP whereby the exams that
> prove you are a security professional talk all about
> physical security and network security but really don't
> address software development in any meaningful way.
Perhaps what is needed is a separate certification
KT [mailto:[EMAIL PROTECTED] writes (to TWO LISTS, PLEASE DON'T DO THAT):
> What are some of the magazines the users of this list subscribe to?
My top three, at least in this field would be:
ACM Queue
Information Security
Software Development
Please note that the second list has BEEN REMOVE
Tim Hollebeek [mailto:[EMAIL PROTECTED] wonders:
> are shops that insist on warning free compiles really that rare?
Yes. I've worked for or with many companies over the years, totalling probably
somewhere in the mid-teens or so. In all that, there was, to the best of my
recollection, only ON
Gary McGraw [mailto:[EMAIL PROTECTED] writes:
> The main thing I wonder is, what do you think? When you have a hot
> demonstration of an exploit, how do you responsibly release it?
This isn't so much about that, in the usual sense. This was, as you say, a
well-known vulnerability, one screamingl
Pete Shanahan [mailto:[EMAIL PROTECTED] writes:
> I'm just wondering how flawed the implementation of the windows
> paging model is that it would allow for this kind of breach. The
> standard model I'm familiar with would simply flush the page from
> memory, and would not keep a copy in the ex
Paolo Perego [mailto:[EMAIL PROTECTED] writes:
> "Software is like Titanic, people claim it was unsinkable. Securing is
> providing it power steering"
But power steering wouldn't have saved it. By the time the iceberg was
spotted, there was not enough time to turn that large a boat. Perhaps
Jeremy Epstein [mailto:[EMAIL PROTECTED] writes:
> "Software Security Keeps the Bad Guys Out"
That's certainly one important aspect, but this slogan doesn't address issues
such as staying up, producing correct output, etc. It also can blur the
already much too fuzzy (in the public mind) line
Gary McGraw [mailto:[EMAIL PROTECTED] wrote:
> I wrote a book with viega a few years ago called "building secure
> software"...
Yes, John gave us all copies. Didn't bother to get it autographed though. :-)
> it was not about that company (at all).
It certainly was not about the horribly br
mikeiscool [mailto:[EMAIL PROTECTED] writes:
> The point remains though: trimming this down into a friendly little
> phrase is, IMCO, useless.
One of the common problems in trying to persuade the masses of ANYTHING, be it
the importance of secure software, the factual or moral correctness of y