[SC-L] [CFP] Workshop: Who are you?! Adventures in Authentication at SOUPS 2016 - Next week!

2016-06-20 Thread Larry Koved
Title: Who are you?! Adventures in Authentication Workshop to be held at the Twelfth Symposium on Usable Privacy and Security - SOUPS 2016 When: June 22, 2016 Where: Denver, CO URL: https://www.usenix.org/conference/soups2016/workshop-who-are-you Description: Authentication, or the act of

[SC-L] Silver Bullet 122: David Nathans

2016-06-07 Thread Gary McGraw
Hi sc-l, The latest episode of Silver Bullet features a conversation with David Nathans from Siemens Healthcare. David got his start in security ops, and even wrote a book about that. But he completely understands why product security is essential in the modern world and has been moving

[SC-L] [CFP] Workshop CFP: Who are you?! Adventures in Authentication at SOUPS 2016 - 1 week until the submission deadline

2016-05-10 Thread Larry Koved
Title: Who are you?! Adventures in Authentication Workshop to be held at the Twelfth Symposium on Usable Privacy and Security - SOUPS 2016 When: June 22, 2016 Where: Denver, CO URL: https://www.usenix.org/conference/soups2016/workshop-who-are-you Description: Authentication, or the act of

[SC-L] c0c0n 2016 | The cy0ps c0n - Call For Papers & Call For Workshops

2016-04-25 Thread c0c0n 2016 - The CyOps Conference

[SC-L] [CFP] Workshop CFP: Who are you?! Adventures in Authentication at SOUPS 2016

2016-04-25 Thread Larry Koved
Title: Who are you?! Adventures in Authentication Workshop to be held at the Twelfth Symposium on Usable Privacy and Security - SOUPS 2016 When: June 22, 2016 Where: Denver, CO URL: https://www.usenix.org/conference/soups2016 Description: Authentication, or the act of proving that someone

[SC-L] Silver Bullet celebrates a decade of shows: Gary McGraw

2016-04-01 Thread Gary McGraw
hi sc-l, Hard to believe, but Silver Bullet has been running for ten years---120 months of shows in a row without missing a month. To celebrate this accomplishment, we shot a video for episode 120 out by the Shenandoah river at my house. And we turned the tables on the interview. Marcus

[SC-L] [CFP] Workshop CFP: Who are you?! Adventures in Authentication at SOUPS 2016

2016-03-15 Thread Larry Koved
Title: Who are you?! Adventures in Authentication Workshop to be held at the Twelfth Symposium on Usable Privacy and Security - SOUPS 2016 When: June 22, 2016 Where: Denver, CO URL: https://www.usenix.org/conference/soups2016 Description: Authentication, or the act of proving that someone

[SC-L] Ruxcon 2016 Call For Presentations

2016-03-15 Thread cfp
Ruxcon 2016 Call For Presentations Melbourne, Australia, October 22-23 CQ Function Centre http://www.ruxcon.org.au The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2016. This year the conference will take place over the weekend of the 22nd and 23rd

[SC-L] Silver Bullet 119: Jacob West on the IEEE CSD Wearables report (design review)

2016-02-29 Thread Gary McGraw
hi sc-l, It’s leap day and RSA week! We just posted Silver Bullet episode 119 featuring BSIMM co-author and IEEE CSD co-founder Jacob West talking about the latest IEEE CSD report. Architecture analysis lags behind other touchpoints when it comes to software security practices. The CSD

[SC-L] Mobile Security Technologies (MoST) 2016 - submission deadline extended to Monday Feb 1

2016-02-01 Thread Larry Koved
http://ieee-security.org/TC/SPW2016/MoST/cfp.html Mobile Security Technologies (MoST) 2016 co-located with The 34th IEEE Symposium on Security and Privacy (IEEE S&P 2016) an event of The IEEE Computer Society's Security and Privacy Workshops (SPW 2016) The Fairmont Hotel San Jose, CA, USA

[SC-L] Silver Bullet: Jack Daniel

2016-02-01 Thread Gary McGraw
hi sc-l, For the first Silver Bullet of 2016 I have a chat with Jack Daniel, co-founder of the Bsides Conferences. We talk about security communities, the evolution of the field, car repair, complex systems, the waning security Renaissance, and other matters. We conclude with a quick

[SC-L] Mobile Security Technologies (MoST) 2016 - 2 week until the submission deadline!

2016-02-01 Thread Larry Koved
http://ieee-security.org/TC/SPW2016/MoST/cfp.html Mobile Security Technologies (MoST) 2016 co-located with The 34th IEEE Symposium on Security and Privacy (IEEE S&P 2016) an event of The IEEE Computer Society's Security and Privacy Workshops (SPW 2016) The Fairmont Hotel San Jose, CA, USA

[SC-L] CFP: Mobile Security Technologies (MoST) 2016 - 2 weeks until the submission deadline!

2016-01-19 Thread Larry Koved
http://ieee-security.org/TC/SPW2016/MoST/cfp.html Mobile Security Technologies (MoST) 2016 co-located with The 34th IEEE Symposium on Security and Privacy (IEEE S&P 2016) an event of The IEEE Computer Society's Security and Privacy Workshops (SPW 2016) The Fairmont Hotel San Jose, CA, USA

[SC-L] CFP: Mobile Security Technologies (MoST) 2016 - corrected dates

2016-01-19 Thread Larry Koved
My apologies. Here are the correct dates: Paper submission deadline: January 29, 2016 (11:59pm US-PST) Acceptance notification: March 7, 2016 Camera-ready deadline: March 25, 2016 Workshop day: May 26, 2016 http://ieee-security.org/TC/SPW2016/MoST/cfp.html Mobile Security Technologies (MoST)

[SC-L] Silver Bullet 117: Jamie Butler

2015-12-26 Thread Gary McGraw
hi sc-l, The current episode of the Silver Bullet Security Podcast features Jamie Butler, CTO of Endgame. Jamie and I talk rootkits (he wrote the book with Greg Hoglund), attack patterns, defense and offense. Jamie has a long career in security (17 years) spanning early days at Fort Meade,

[SC-L] Silver Bullet 116: Doug Maughan

2015-12-01 Thread Gary McGraw
hi sc-l, Doug Maughan is one of the very good people who somehow works in the federal government at DHS (I know). He has been funding reasonable science in computer security since his early DARPA days and even once funded some of our work at Cigital. We talk about science, research, tech

[SC-L] CFP: Mobile Security Technologies (MoST) 2016

2015-11-04 Thread Larry Koved
http://ieee-security.org/TC/SPW2016/MoST/cfp.html Mobile Security Technologies (MoST) 2016 co-located with The 34th IEEE Symposium on Security and Privacy (IEEE S&P 2016) an event of The IEEE Computer Society's Security and Privacy Workshops (SPW 2016) The Fairmont Hotel San Jose, CA, USA

[SC-L] Silver Bullet 115: mudge

2015-10-29 Thread Gary McGraw
hi sc-l, Cigital just posted Silver Bullet 115 which features an interview with mudge (a.k.a., Peiter Zatko). https://www.cigital.com/podcasts/show-115-peiter-mudge-zatko/ We talk l0pht, cult of the dead cow, early security days, testifying before Congress, why the government is so confused

[SC-L] BSIMM6

2015-10-19 Thread Gary McGraw
hi sc-l, Today Cigital published Release 6 of the Building Security In Maturity Model (BSIMM). The BSIMM now represents eight years of bringing science to software security. We have directly measured over 104 companies across multiple industries (BSIMM6 covers 78 of them). BSIMM6 also

[SC-L] MQ Series and Middleware security

2015-10-08 Thread Gunnar Peterson
As the saying goes, a Unix server goes down and you have a bad weekend. A Mainframe goes down and the earth stops rotating on its axis. To the latter point, MQ Series and other messaging systems that communicate with Mainframes and heritage(*) systems get next to no attention from the security

[SC-L] SearchSecurity: Seven Myths of Software Security

2015-10-06 Thread Gary McGraw
hi sc-l, You’ve heard these before I’m sure. Working on expanding or improving your software security initiative? Here are seven of the most common objections we see all the time (and what to say in response). Please read this article: http://bit.ly/swsec-myths Hopefully you will all find

[SC-L] Silver Bullet 114: Peter "Pete" Clay

2015-09-30 Thread Gary McGraw
hi sc-l, Episode 114 of Silver Bullet was just posted. This episode features Peter “Pete” Clay who has served as a CISO in several firms (Deloitte, Invotas, Qlik) and has provided security direction both in the Federal government and the private sector. Have a listen: http://bit.ly/SB-pete

[SC-L] The FTC and Software Security

2015-09-17 Thread Gary McGraw
hi sc-l, I just posted some thoughts on the FTC and software security. Have a look: http://bit.ly/gem-FTC gem

Re: [SC-L] The FTC and Software Security

2015-09-17 Thread Jeffrey Walton
On Wed, Sep 16, 2015 at 2:58 PM, Gary McGraw wrote: > hi sc-l, > > I just posted some thoughts on the FTC and software security. > > Have a look: http://bit.ly/gem-FTC +1, well written. I've kinda ignored the FTC over the years, and focused on the state laws covering data

[SC-L] Podcast: Threatpost covers software security

2015-09-12 Thread Gary McGraw
hi sc-l, Yesterday I recorded an episode of Threatpost with Dennis Fisher. We talk about many current topics, including how to scale software security. Have a listen and pass it on: https://threatpost.com/gary-mcgraw-on-scalable-software-security-and-medical-device-security/114640/ Topics

Re: [SC-L] Silver Bullet 113: Chandu Ketkar

2015-09-08 Thread Gary McGraw
The URL was apparently scrambled below. For the SB episode try: http://bit.ly/SB-chandu gem On 8/31/15, 12:51 PM, "SC-L on behalf of Gary McGraw" wrote: >hi sc-l, > >The new episode of Silver Bullet features a conversation

Re: [SC-L] [External] Re: SearchSecurity: Dynamism

2015-09-08 Thread Goertzel, Karen [USA]
Yes, we seem to abandon security mechanisms that (1) we can actually trust, and (2) that Microsoft and Google refuse to build. === Karen Mercedes Goertzel, CISSP, CSSLP Senior Lead Scientist Booz Allen Hamilton 703.698.7454 goertzel_ka...@bah.com "The hardest thing of all is to find a black cat

Re: [SC-L] [External] Re: SearchSecurity: Dynamism

2015-09-08 Thread Peter G. Neumann
Reference monitors were a lovely concept, largely invented for multilevel security kernels and trusted computing bases, but are almost nonexistent in that context. Yes, they'd be lovely to have, but even the NSA folks seem to have abandoned them...

Re: [SC-L] [External] Re: SearchSecurity: Dynamism

2015-09-08 Thread Gary McGraw
As far as I know, Microsoft integrated some reference monitoring into their OS family under Fred Schneider’s guidance. They called it “inline reference monitoring” and I believe they still use it. gem On 9/8/15, 8:49 AM, "SC-L on behalf of Goertzel, Karen [USA]"

Re: [SC-L] [External] Re: SearchSecurity: Dynamism

2015-09-08 Thread Goertzel, Karen [USA]
It's been there since Windows NT 4.0, and is used with mandatory integrity labels to enforce a mandatory integrity policy so that subjects with a lower integrity label cannot access (and, most importantly, cannot modify) objects with higher integrity labels. It also exists separate from the

Re: [SC-L] [External] Re: SearchSecurity: Dynamism

2015-09-08 Thread Alfonso De Gregorio
On Tue, Sep 8, 2015 at 7:44 PM, Gary McGraw wrote: > As far as I know, Microsoft integrated some reference monitoring into their > OS family under Fred Schneider’s guidance. They called it “inline reference > monitoring” and I believe they still use it. A related work by

Re: [SC-L] [External] Re: SearchSecurity: Dynamism

2015-09-06 Thread Goertzel, Karen [USA]
Does anyone else remember "reference monitors"? What an old-fashioned idea. But they'd certainly solve a lot of problems. === Karen Mercedes Goertzel, CISSP, CSSLP Senior Lead Scientist Booz Allen Hamilton 703.698.7454 goertzel_ka...@bah.com "The hardest thing of all is to find a black cat in a

[SC-L] Silver Bullet 113: Chandu Ketkar

2015-09-06 Thread Gary McGraw
hi sc-l, The new episode of Silver Bullet features a conversation with Chandu Ketkar. Chandu has 20+ years of experience in software, starting as a developer and working his way to a secure design proponent. Have a listen:

Re: [SC-L] SearchSecurity: Dynamism

2015-08-30 Thread Alfonso De Gregorio
On Thu, Aug 20, 2015 at 8:20 PM, Johan Peeters y...@johanpeeters.com wrote: nice one, Gary. Finally something positive about agile and DevOps. A trick that you may have missed is immutable servers, see Docker and friends. They will be a leap forward for server security when they hit the

Re: [SC-L] SearchSecurity: Dynamism

2015-08-28 Thread Johan Peeters
nice one, Gary. Finally something positive about agile and DevOps. A trick that you may have missed is immutable servers, see Docker and friends. They will be a leap forward for server security when they hit the mainstream.

[SC-L] SearchSecurity: Dynamism

2015-08-20 Thread Gary McGraw
hi sc-l, What is the relationship between dynamic languages and dynamic methodologies? What is the impact on software security? This article provides a gentle introduction: http://bit.ly/gem-dynamic Feedback welcome. Pass it on. gem company www.cigital.com podcast

[SC-L] Silver Bullet 112: Matthew Green and Steve Bellovin on Crypto Back Doors

2015-07-23 Thread Gary McGraw
hi sc-l, For the latest episode of Silver Bullet, we spoke to two of the fifteen co-authors of the Keys Under Doormats paper describing the technical peril of implementing crypto back doors as FBI Director Comey has suggested. Steve Bellovin comes at the problem with years of experience and

Re: [SC-L] Silver Bullet 111: Marcus Ranum

2015-07-16 Thread Gunnar Peterson
In case anyone needs a summer project, I wonder what percentage of issues discussed in the 111 shows are still issues today? -gunnar On Jul 7, 2015, at 11:45 AM, Kevin W. Wall kevin.w.w...@gmail.com wrote: Ah, I see...so the dirty trick is that you are finally doing reruns. Syndication

Re: [SC-L] Silver Bullet 111: Marcus Ranum

2015-07-10 Thread Kevin W. Wall
Ah, I see...so the dirty trick is that you are finally doing reruns. Syndication can't be far behind. ;-) -kevin Sent from my Droid; please excuse typos. On Jul 7, 2015 12:07 PM, Gary McGraw g...@cigital.com wrote: hi sc-l, Silver Bullet episode 111 is a sneaky one based around a “dirty

[SC-L] Ruxcon 2015 Final Call For Presentations

2015-07-07 Thread cfp
Ruxcon 2015 Final Call For Presentations Melbourne, Australia, October 24-25 CQ Function Centre http://www.ruxcon.org.au The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015. This year the conference will take place over the weekend of the 24th and

[SC-L] Silver Bullet 111: Marcus Ranum

2015-07-07 Thread Gary McGraw
hi sc-l, Silver Bullet episode 111 is a sneaky one based around a “dirty brilliant trick. The episode features Marcus Ranum, inventor of the proxy firewall and all around security guru. We talk about perimeter security, software security, security progress (or lack of such) and whether

[SC-L] Silver Bullet 110: Paul Dorey

2015-06-04 Thread Gary McGraw
hi sc-l, Silver Bullet episode 110 features Paul Dorey. Paul was one of the original CSOs of Europe, ultimately serving as the CSO of BP. He and I are on an Advisory Board together, and most recently, Paul and I did a “fireside chat” at the BSIMM Europe Conference. We talk about the CSO

[SC-L] RSA Antidote: Bart Preneel on Silver Bullet 109

2015-04-27 Thread Gary McGraw
hi sc-l, Lots of us have RSA Conference goo leaking out of our ears by now. Yerg. Here’s a quick antidote from a serious cryptographer. Bart Preneel is a professor at KU Leuven University (founded in 1425). He is an exceptional cryptographer and a huge supporter of software security in

[SC-L] Ruxcon 2015 Call For Presentations

2015-04-13 Thread cfp
Ruxcon 2015 Call For Presentations Melbourne, Australia, October 24-25 CQ Function Centre http://www.ruxcon.org.au The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015. This year the conference will take place over the weekend of the 24th and 25th

[SC-L] [searchsecurity] How to structure an SSG

2015-03-31 Thread Gary McGraw
hi sc-l, During the last BSIMM Conference in Monterey, CA, Caroline Wong ran a workshop/session during which all 23 firms present shared their BSIMM structures with each other. The event was organized as a poster session. It was a great event. Caroline and I took the data, crunched it,

[SC-L] Silver Bullet 108: Katie Moussouris

2015-03-31 Thread Gary McGraw
hi sc-l, Just in time for my Spring Break college tour with Eli, here is Silver Bullet episode 108, an interview with HackerOne’s Katie Moussouris. Katie and I talk about bug bounties, early coding (sadly she was a C64 person instead of an Apple ][+ person), SDL, BlueHat, mentors, and more.

Re: [SC-L] CFP: Mobile Security Technologies (MoST) 2015 - Paper submission deadline extension

2015-02-24 Thread Larry Koved
Submission deadline has been extended to this Friday, February 27. http://ieee-security.org/TC/SPW2015/MoST/cfp.html MOBILE SECURITY TECHNOLOGIES (MOST) 2015 Thursday, May 21, 2015 The Fairmont Hotel, San Jose, CA Mobile Security Technologies (MoST) brings together researchers, practitioners,

[SC-L] CFP: Mobile Security Technologies (MoST) 2015 - Final Call for Papers

2015-02-24 Thread Larry Koved
Submission deadline is this Sunday. http://ieee-security.org/TC/SPW2015/MoST/cfp.html MOBILE SECURITY TECHNOLOGIES (MOST) 2015 Thursday, May 21, 2015 The Fairmont Hotel, San Jose, CA Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers, and hardware and

[SC-L] [article] When risk management goes bad

2015-02-24 Thread Gary McGraw
hi sc-l, I wrote my latest SearchSecurity article based on conversations I have been having with a number of CSOs and security execs. It’s about what happens when risk management goes bad. The biggest failure condition seems to be “ignoring the lows” entirely. Anyway, have a read and pass

Re: [SC-L] [article] When risk management goes bad

2015-02-24 Thread Christian Heinrich
Gary, On Sat, Feb 21, 2015 at 6:13 AM, Gary McGraw g...@cigital.com wrote: I wrote my latest SearchSecurity article based on conversations I have been having with a number of CSOs and security execs. It’s about what happens when risk management goes bad. The biggest failure condition

Re: [SC-L] [article] When risk management goes bad

2015-02-24 Thread Gary McGraw
hi christian, Good point. A combined risk score based on “SIL” levels is what I was using in my article. The combination risk score takes into account both technology risk and business risk. Using one component or the other alone is folly. gem On 2/24/15, 4:13 AM, Christian Heinrich

[SC-L] The Web Platform podcast talks security

2015-02-04 Thread Gary McGraw
hi sc-l, An entire gaggle of devs and architects interviews me about software security. Have a listen. Pass it on: http://thewebplatform.libsyn.com/28-securing-your-web-applications gem company www.cigital.com podcast www.cigital.com/silverbullet blog www.cigital.com/justiceleague book

[SC-L] Superbowl Silver Bullet Security Podcast 106: Steve Katz

2015-02-03 Thread Gary McGraw
hi sc-l, What’s better than the Superbowl? Silver Bullet of course! Hah. Have a listen to episode 106 featuring Steve Katz, widely revered as the world’s first CISO. Steve has served as CISO of citibank/citigroup, JP Morgan, Merrill Lynch, and Kaiser Permanente. (We serve on one Advisory

[SC-L] CFP: Web 2.0 Security and Privacy Workshop Call for Papers - Final call for papers

2015-01-22 Thread Larry Koved
http://ieee-security.org/TC/SPW2015/W2SP/cfp.html Dear Colleagues, Please consider to submit and/or forward to the appropriate groups/personnel the opportunity to submit to the Web 2.0 Security and Privacy Workshop (W2SP) which is held as part of the IEEE Computer Society Security and

[SC-L] CFP: Mobile Security Technologies (MoST) 2015

2015-01-22 Thread Larry Koved
http://ieee-security.org/TC/SPW2015/MoST/cfp.html MOBILE SECURITY TECHNOLOGIES (MOST) 2015 Thursday, May 21, 2015 The Fairmont Hotel, San Jose, CA Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers, and hardware and software developers of mobile

[SC-L] Silver Bullet: Whitfield Diffie

2015-01-01 Thread Gary McGraw
hi sc-l, Merry New Year to you all!! Episode 105 of Silver Bullet is an interview with Whitfield Diffie. Whit co-invented PKI among other things. We have an in depth talk about crypto, computation, LISP, AI, quantum key distro, and more http://bit.ly/SB-diffie As always, your feedback on

[SC-L] CFP: Mobile Security Technologies (MoST) 2015

2014-11-12 Thread Larry Koved
http://ieee-security.org/TC/SPW2015/MoST/ MOBILE SECURITY TECHNOLOGIES (MOST) 2015 Thursday, May 21, 2015 The Fairmont Hotel, San Jose, CA Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers, and hardware and software developers of mobile systems to

[SC-L] Silver Bullet: Brian Krebs

2014-10-31 Thread Gary McGraw
hi sc-l, Silver Bullet episode 103 features Brian Krebs, whose website http://krebsonsecurity.com is among the leading security reporting sites on the planet. Brian was once a reporter for the Washington Post, but he went solo after being let go (too deep for the dinosaur). Krebs broke a number

[SC-L] Silver Bullet 102: Richard Danzig

2014-09-21 Thread Gary McGraw
hi sc-l, The 102nd monthly episode of the Silver Bullet podcast features a conversation with Richard Danzig. Richard is a very accomplished leader who served as Secretary of the Navy (among other powerful positions). He is currently a member of the Board of the Center for a New American

[SC-L] IEEE Center for Secure Design [searchsecurity and silver bullet]

2014-08-27 Thread Gary McGraw
hi sc-l, This evening in SF we are officially launching the IEEE Center for Secure Design with a small event including security people and press. Jim DelGrosso and I will make a short presentation about the CSD during the launch. I devoted both of my monthly pieces (Silver Bullet and

[SC-L] Ruxcon 2014 Final Call For Presentations

2014-07-15 Thread cfp
Ruxcon 2014 Call For Presentations Melbourne, Australia, October 11th-12th CQ Function Centre http://www.ruxcon.org.au The Ruxcon team is pleased to announce the Final Call For Presentations for Ruxcon 2014. This year the conference will take place over the weekend of the 11th and 12th of

Re: [SC-L] SearchSecurity: Medical Devices and Software Security

2014-07-07 Thread Jeremy Epstein
Agree with you - there's nothing new in the article. I gave a talk a couple years ago at a conference on biomedical engineering, and there was one person in the room (out of a few hundred) who had heard of Therac-25. (Which I assume is what you were referring to with 1985.) If the article were

Re: [SC-L] [External] Re: SearchSecurity: Medical Devices and Software Security

2014-07-07 Thread Goertzel, Karen [USA]
Another big frustration: No-one seems to be making any real headway into the problem of actually measuring loss attributable to doing nothing - or, in other words, losses cradle to grave from operating insufficiently secure systems. People try to measure ROI from security, which is a ridiculous

[SC-L] SearchSecurity: Medical Devices and Software Security

2014-07-03 Thread Gary McGraw
hi sc-l, Chandu Ketkar and I wrote an article about medical device security based on a talk Chandu gave at Kevin Fu’s Archimedes conference in Ann Arbor. In the article, we discuss six categories of security defects that Cigital discovers again and again when analyzing medical devices for our

[SC-L] Silver Bullet 99: Michael Hicks

2014-07-03 Thread Gary McGraw
hi sc-l, Silver Bullet Security Podcast number 99 (99 months in a row!!) was just posted. This episode features a programming languages smorgasbord with Michael Hicks, professor of CS and security at University of Maryland. We talk type safety, closure, why C is bad, what makes dynamic

[SC-L] Silver Bullet 98: Bart Miller

2014-06-05 Thread Gary McGraw
hi sc-l, Bart Miller, computer science professor from Wisconsin, coined the term fuzz testing in 1990. He also is the PI for the DHS SWAMP---a software assurance marketplace of sorts. Bart knows a ton about software analysis. In episode 98 of Silver Bullet, we geek out about software

[SC-L] Breakpoint 2014 Call For Presentations

2014-05-07 Thread cfp
Breakpoint 2014 Call For Papers Melbourne, Australia, October 8th-9th Intercontinental Rialto http://www.ruxconbreakpoint.com .[x]. Introduction .[x]. The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2014. Breakpoint showcases the work of expert security researchers from

[SC-L] Silver Bullet 97 + SearchSecurity Heartbleed

2014-05-06 Thread Gary McGraw
hi sc-l, Heartbleed? Who cares? We do. Real lessons here http://bit.ly/1lBKDsE Silver Bullet 97. Programming languages actually matter. http://www.cigital.com/silver-bullet/show-097/ Read. Listen. Share. React. We want your feedback. gem

[SC-L] Ruxcon 2014 Call For Papers

2014-05-06 Thread cfp
Ruxcon 2014 Call For Presentations Melbourne, Australia, October 11th-12th http://www.ruxcon.org.au The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2014. This year the conference will take place over the weekend of the 11th and 12th of October at the CQ Function

[SC-L] CFP: Mobile Security Technologies (MoST) 2014 - Call for Participation - May 17

2014-05-06 Thread Larry Koved
http://mostconf.org/2014/cfp.html Mobile Security Technologies (MoST) 2014 Saturday May 17, 2014 co-located with The 34th IEEE Symposium on Security and Privacy (IEEE SP 2014) an event of The IEEE Computer Society's Security and Privacy Workshops (SPW 2014) Mobile Security Technologies

Re: [SC-L] WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS - Call for Participation - May 18

2014-05-06 Thread Larry Koved
http://w2spconf.com/2014/ WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS IMPORTANT DATES Workshop date: Sunday, May 18, 2014 W2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the

[SC-L] Ruxcon 2014 Call For Papers

2014-05-06 Thread cfp
Ruxcon 2014 Call For Presentations Melbourne, Australia, October 11th-12th http://www.ruxcon.org.au The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2014. This year the conference will take place over the weekend of the 11th and 12th of October at the CQ Function

[SC-L] WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS - Call for Participation

2014-04-15 Thread Larry Koved
http://w2spconf.com/2014/ WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS IMPORTANT DATES Workshop date: Sunday, May 18, 2014 W2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the

Re: [SC-L] [External] Firewalls, Fairy Dust, and Forensics

2014-04-04 Thread Goertzel, Karen [USA]
The one point that's missing from the article is to remind people: What the heck do you think firewalls are made of? Software! So unless a software manufacturer has got software security religion, their product is just as likely to be broken inside than the things it allegedly protects. ===

Re: [SC-L] [External] Firewalls, Fairy Dust, and Forensics

2014-04-04 Thread Gary McGraw
hi karen, Good point, and one that I usually make! I agree. gem On 4/1/14, 9:16 AM, Goertzel, Karen [USA] goertzel_ka...@bah.com wrote: The one point that's missing from the article is to remind people: What the heck do you think firewalls are made of? Software! So unless a software

[SC-L] Silver Bullet 96: Nate Fick, CEO of Endgame (and combat veteran)

2014-04-04 Thread Gary McGraw
hi sc-l, Nate Fick is an interesting man. He has a classics degree from Dartmouth, where he is now a Trustee. He served combat tours in Afghanistan and Iraq, resulting in the book “One Bullet Away” and the HBO series “Generation Kill.” He served as the CEO of an important new think tank,

[SC-L] Firewalls, Fairy Dust, and Forensics

2014-04-01 Thread Gary McGraw
hi sc-l, Ever get discouraged that we have not been making enough progress in software security? Well, we have been making plenty of progress and our field is growing fast! This peppy little article (co-authored with Sammy Migues) explains why firewalls, fairy dust, and forensics are not

[SC-L] IEEE Computer article

2014-03-26 Thread Gary McGraw
hi sc-l, I was asked to write an article for IEEE Computer’s security column this month. It’s about software security. Security Fatigue? Shift Your Paradigm http://www.cigital.com/presentations/mco2014030081.pdf (IEEE Computer Society, March 2014) As always, your feedback is welcome. You

[SC-L] Paul dot com podcast on #swsec at 6pm EST

2014-03-20 Thread Gary McGraw
hi sc-l, Tonight at 6pm EST I will be participating in a paul dot com webcast and talking all things software security. Please tune in if you can, and spread the word! http://securityweekly.com/watch gem company www.cigital.com podcast www.cigital.com/silverbullet blog

[SC-L] CFP: Mobile Security Technologies (MoST) 2014 - Deadline extended to March 10

2014-03-09 Thread Larry Koved
http://mostconf.org/2014/cfp.html Mobile Security Technologies (MoST) 2014 co-located with The 34th IEEE Symposium on Security and Privacy (IEEE SP 2014) an event of The IEEE Computer Society's Security and Privacy Workshops (SPW 2014) Mobile Security Technologies (MoST) brings together

[SC-L] CFP: WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS - Deadline extension to March 5

2014-03-09 Thread Larry Koved
WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS IMPORTANT DATES Paper submission deadline: March 5, 2014 (11:59pm US-PST) Workshop acceptance notification date: March 29, 2014 Workshop date: Sunday, May 18, 2014 Workshop paper submission web site:

[SC-L] Silver Bullet 95: Charlie Miller

2014-02-28 Thread Gary McGraw
hi sc-l, Greetings from RSA, where the show gets underway today. I hope to see some sc-l readers out here. (Come see us during the show https://www.cigital.com/blog/2014/01/rsa-2014/.) Episode 95 of silver bullet features a conversation with Charlie Miller, who now works at Twitter as a

[SC-L] Final CFP: WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS

2014-02-19 Thread Larry Koved
WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS IMPORTANT DATES Paper submission deadline: February 26, 2014 (11:59pm US-PST) Workshop acceptance notification date: March 29, 2014 Workshop date: Sunday, May 18, 2014 Workshop paper submission web site:

[SC-L] CFP: Mobile Security Technologies (MoST) 2014

2014-02-19 Thread Larry Koved
http://mostconf.org/2014/cfp.html Mobile Security Technologies (MoST) 2014 co-located with The 34th IEEE Symposium on Security and Privacy (IEEE SP 2014) an event of The IEEE Computer Society's Security and Privacy Workshops (SPW 2014) Mobile Security Technologies (MoST) brings together

[SC-L] FYI: OWASP AppSec Europe 2014 - Call For Papers - submission deadline Mar-21

2014-02-14 Thread Tobias
Hello dear secure coding fellows, fyi: we just opened the Call for Papers for the upcoming OWASP AppSec Europe in Cambridge in June 2014. Closing deadline: March 21st Please be invited to submit your papers, presentations, research papers and training proposals.

[SC-L] FYI: OWASP CISO Survey Report 2013 Released

2014-02-14 Thread Tobias
Hello dear secure coding fellows, just fyi: OWASP just released the OWASP CISO Survey Report 2013 Version 1.0 https://www.owasp.org/index.php/OWASP_CISO_Survey. Among application security stakeholders, Chief Information Security Officers (CISOs), are responsible for application security from

[SC-L] CFP: WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS

2014-02-13 Thread Larry Koved
2 weeks until the submission deadline WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS IMPORTANT DATES Paper submission deadline: February 26, 2014 (11:59pm US-PST) Workshop acceptance notification date: March 29, 2014 Workshop date: Sunday, May 18, 2014 Workshop paper submission web

[SC-L] IR/Application Security

2014-02-10 Thread Tom Brennan - OWASP
In this episode Karl Sigler sits down with Grayson Lenik, a forensic expert for Trustwave SpiderLabs. We talk about Point-of-Sale malware, including common web application security attack vectors as well as remediation steps to help protect businesses using POS systems.

[SC-L] Cfp: IEEE SP Workshop on Cyber Crime 2014

2014-02-08 Thread wmazurczyk
Dear Colleagues, Please consider submitting papers to IWCC (International Workshop on Cyber Crime) 2014 which is part of the IEEE CS Security & Privacy Workshops (SPW 2014), an event of the IEEE CS Technical Committee on Security and Privacy and like last year will be co-located with IEEE

[SC-L] CFP: Mobile Security Technologies (MoST) 2014 - March 3 submission deadline

2014-02-08 Thread Larry Koved
http://mostconf.org/2014/cfp.html Mobile Security Technologies (MoST) 2014 co-located with The 34th IEEE Symposium on Security and Privacy (IEEE SP 2014) an event of The IEEE Computer Society's Security and Privacy Workshops (SPW 2014) Mobile Security Technologies (MoST) brings together

[SC-L] CFP: WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS - February 26 submission deadline

2014-02-08 Thread Larry Koved
WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS IMPORTANT DATES Paper submission deadline: February 26, 2014 (11:59pm US-PST) Workshop acceptance notification date: March 29, 2014 Workshop date: Sunday, May 18, 2014 Workshop paper submission web site:

[SC-L] Silver Bullet 94: Ming Chow (Tufts)

2014-02-03 Thread Gary McGraw
hi sc-l, Episode 94 (in a row) of Silver Bullet features a conversation with Ming Chow, a developer who got interested in security and accidentally became a software security guy teaching at Tufts. We talk about that. We talk about exploiting online games (and using that as a teaching

[SC-L] SearchSecurity: Scaling Automated Code Review

2014-01-29 Thread Gary McGraw
hi sc-l, The latest monthly SearchSecurity article was co-authored with Jim Routh, CSO of Aetna. What Jim is doing for his fifth (!!) software security initiative is very interesting. So interesting that we decided to write about it. In particular pay attention to Jim's use of a light weight

[SC-L] CFP: Mobile Security Technologies (MoST) 2014

2014-01-27 Thread Larry Koved
http://mostconf.org/2014/cfp.html Mobile Security Technologies (MoST) 2014 co-located with The 34th IEEE Symposium on Security and Privacy (IEEE SP 2014) an event of The IEEE Computer Society's Security and Privacy Workshops (SPW 2014) Mobile Security Technologies (MoST) brings together

[SC-L] CFP: WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS

2014-01-27 Thread Larry Koved
WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS IMPORTANT DATES Paper submission deadline: February 26, 2014 (11:59pm US-PST) Workshop acceptance notification date: March 29, 2014 Workshop date: Sunday, May 18, 2014 Workshop paper submission web site:

Re: [SC-L] BSIMM-V Article in Application Development Times

2014-01-22 Thread Stephen de Vries
For anyone interested in this topic and working in appsec and/or dev, there’s a survey by the trusted software alliance which touches on some of these questions here: https://www.surveymonkey.com/s/Developers_and_AppSec On Jan 7, 2014, at 8:07 PM, Christian Heinrich

Re: [SC-L] BSIMM-V Article in Application Development Times

2014-01-08 Thread Christian Heinrich
Stephen, On Sat, Jan 4, 2014 at 8:12 PM, Stephen de Vries step...@continuumsecurity.net wrote: Leaving the definition of agile aside for the moment, doesn’t the fact that the BSIMM measures organisation wide activities but not individual dev teams mean that we could be drawing inaccurate

Re: [SC-L] BSIMM-V Article in Application Development Times

2014-01-07 Thread Stephen de Vries
Hi Sammy, Antti, On 20 Dec 2013, at 17:29, Sammy Migues smig...@cigital.com wrote: Also, in nearly all cases, it would be very hard to characterize an entire firm or even an entire business unit in larger firms as Agile or not. Many larger firms use Agile for only a small percentage of

[SC-L] Cfp: IEEE SP 2014 workshop: International Workshop on Cyber Crime (IWCC 2014)

2014-01-07 Thread wmazurczyk
Dear Colleagues, Please consider submitting papers to IWCC 2014 (International Workshop on Cyber Crime) which is part of the IEEE CS Security & Privacy Workshops (SPW 2014), an event of the IEEE CS Technical Committee on Security and Privacy and like last year will be co-located with IEEE SP

[SC-L] SearchSecurity: Scaling Architectural Risk Analysis

2013-12-26 Thread Gary McGraw
hi sc-l, Following on the heels of our SearchSecurity article on Architectural Risk Analysis (probably the most difficult touchpoint in software security), Jim DelGrosso and I write about how to scale ARA. http://bit.ly/19Jmk7f (or
