[SC-L] Fwd: IEEE W/NV Computer Society Presentation

2011-03-15 Thread Benjamin Tomhave
/enotice/options.php?SN=TomhaveLN=CHAPTER and be certain to include your IEEE member number. If you need assistance with your E-Notice subscription, please contact k.n@ieee.org IEEE, 445 Hoes Lane, Piscataway, NJ 08854 USA -- Benjamin

[SC-L] BSides Austin 2011 CFP / CFS

2011-01-18 Thread Benjamin Tomhave
website: http://www.keepsecurityweird.org/ Please feel free to contact me directly (off-list) if you have questions or are interested in helping out! Thank you, -ben -- Benjamin Tomhave, MS, CISSP tomh...@secureconsulting.net Blog: http://www.secureconsulting.net/ Twitter: http://twitter.com

[SC-L] RSnake's final post

2010-12-01 Thread Benjamin Tomhave
/20101201/and-beyond -- Benjamin Tomhave, MS, CISSP tomh...@secureconsulting.net Blog: http://www.secureconsulting.net/ Twitter: http://twitter.com/falconsview LI: http://www.linkedin.com/in/btomhave [ Random Quote: ] Champions aren't made in gyms. Champions are made from something they have deep

[SC-L] Java: the next platform-independent target

2010-10-20 Thread Benjamin Tomhave
://krebsonsecurity.com/2010/10/java-a-gift-to-exploit-pack-makers/ Announcing Microsoft Security Intelligence Report version 9 http://blogs.technet.com/b/mmpc/archive/2010/10/13/announcing-microsoft-security-intelligence-report-version-9.aspx cheers, -ben -- Benjamin Tomhave, MS, CISSP tomh

[SC-L] free scans from Google...

2010-03-20 Thread Benjamin Tomhave
-automated-web.html -- Benjamin Tomhave, MS, CISSP tomh...@secureconsulting.net Blog: http://www.secureconsulting.net/ Twitter: http://twitter.com/falconsview LI: http://www.linkedin.com/in/btomhave [ Random Quote: ] Do you think that when they asked George Washington for ID that he just whipped

[SC-L] sponsors still needed for BSides Austin

2010-03-08 Thread Benjamin Tomhave
to how it works, but we believe that listening to the underground can help prepare you and help identify what the next big thing might be. Thank you, -ben -- Benjamin Tomhave, MS, CISSP tomh...@secureconsulting.net Blog: http://www.secureconsulting.net/ Twitter: http://twitter.com/falconsview LI

Re: [SC-L] web apps are homogenous?

2010-02-26 Thread Benjamin Tomhave
/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___ -- Benjamin Tomhave, MS, CISSP tomh...@secureconsulting.net Blog: http

Re: [SC-L] seeking hard numbers of bug fixes...

2010-02-23 Thread Benjamin Tomhave
/ On 2/22/10 11:22 AM, Wall, Kevin wrote: Benjamin Tomhave wrote: ... we're looking for hard research or numbers that covers the cost to catch bugs in code pre-launch and post-launch. The notion being that the organization saves itself money if it does a reasonable amount of QA (and security

[SC-L] seeking hard numbers of bug fixes...

2010-02-22 Thread Benjamin Tomhave
a reasonable amount of QA (and security testing) up front vs trying to chase things down after they've been identified (and possibly exploited). Any help? Thank you, -ben -- Benjamin Tomhave, MS, CISSP tomh...@secureconsulting.net Blog: http://www.secureconsulting.net/ Twitter: http

Re: [SC-L] A massive change at DARPA

2010-02-11 Thread Benjamin Tomhave
://www.KRvW.com) as a free, non-commercial service to the software security community. ___ -- Benjamin Tomhave, MS, CISSP tomh...@secureconsulting.net Blog: http://www.secureconsulting.net/ Twitter: http://twitter.com/falconsview LI: http://www.linkedin.com

Re: [SC-L] BSIMM update (informIT)

2010-02-03 Thread Benjamin Tomhave
, non-commercial service to the software security community. ___ -- Benjamin Tomhave, MS, CISSP tomh...@secureconsulting.net Blog: http://www.secureconsulting.net/ Twitter: http://twitter.com/falconsview LI: http://www.linkedin.com/in/btomhave

Re: [SC-L] BSIMM update (informIT)

2010-02-03 Thread Benjamin Tomhave
that they should be doing independently, it has a negative side effect on our economy by causing folks to spend money in non-strategic ways. -Original Message- From: sc-l-boun...@securecoding.org [mailto:sc-l-boun...@securecoding.org] On Behalf Of Benjamin Tomhave Sent: Tuesday, February 02

Re: [SC-L] NIST SP 800-37

2010-02-03 Thread Benjamin Tomhave
charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___ -- Benjamin Tomhave, MS, CISSP

[SC-L] How a stray mouse click choked the NYSE cost a bank $150K

2010-01-28 Thread Benjamin Tomhave
NYSE has come out with findings on a Credit Suisse initiated DOS issue... something so small, yet so fundamentally flawed... http://arstechnica.com/business/news/2010/01/how-a-stray-mouse-click-choked-the-nyse-cost-a-bank-150k.ars -- Benjamin Tomhave, MS, CISSP tomh...@secureconsulting.net Blog

Re: [SC-L] Blog skiiers versus snowboarders CISSPs vs programmers

2010-01-13 Thread Benjamin Tomhave
. ___ -- Benjamin Tomhave, MS, CISSP tomh...@secureconsulting.net Blog: http://www.secureconsulting.net/ Twitter: http://twitter.com/falconsview LI: http://www.linkedin.com/in/btomhave [ Random Quote: ] I have no special talent. I am only passionately curious

Re: [SC-L] InformIT: You need an SSG

2010-01-13 Thread Benjamin Tomhave
realistic to think that this approach can be easily replicated? (somewhat ties back into mandate/support, I suppose) Thank you, -ben -- Benjamin Tomhave, MS, CISSP tomh...@secureconsulting.net Blog: http://www.secureconsulting.net/ Twitter: http://twitter.com/falconsview LI: http://www.linkedin.com

Re: [SC-L] [Esapi-user] [Esapi-dev] Recommending ESAPI?

2010-01-13 Thread Benjamin Tomhave
, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___ -- Benjamin Tomhave, MS, CISSP tomh...@secureconsulting.net Blog: http://www.secureconsulting.net/ Twitter: http://twitter.com/falconsview LI: http

[SC-L] new post: The Three Domains of Application Security

2010-01-11 Thread Benjamin Tomhave
Of interest, I hope... http://www.secureconsulting.net/2010/01/the_three_domains_of_applicati.html -- Benjamin Tomhave, MS, CISSP tomh...@secureconsulting.net Blog: http://www.secureconsulting.net/ Twitter: http://twitter.com/falconsview LI: http://www.linkedin.com/in/btomhave [ Random Quote

Re: [SC-L] Checklist Manifesto applicability to software security

2010-01-07 Thread Benjamin Tomhave
://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___ -- Benjamin Tomhave, MS, CISSP tomh...@secureconsulting.net

[SC-L] seeking sponsors for SXSW Security BSides

2010-01-04 Thread Benjamin Tomhave
information, discuss further, etc. Thank you! -ben -- Benjamin Tomhave, MS, CISSP tomh...@secureconsulting.net Blog: http://www.secureconsulting.net/ Twitter: http://twitter.com/falconsview LI: http://www.linkedin.com/in/btomhave [ Random Quote: ] It's not whether you get knocked down, it's

Re: [SC-L] InformIT: You need an SSG

2009-12-22 Thread Benjamin Tomhave
. ___ -- Benjamin Tomhave, MS, CISSP fal...@secureconsulting.net Blog: http://www.secureconsulting.net/ Twitter: http://twitter.com/falconsview Photos: http://photos.secureconsulting.net/ Web: http://falcon.secureconsulting.net/ LI: http://www.linkedin.com/in/btomhave [ Random Quote

Re: [SC-L] new job!

2009-10-18 Thread Benjamin Tomhave
-- Benjamin Tomhave, MS, CISSP fal...@secureconsulting.net Blog: http://www.secureconsulting.net/ Twitter: http://twitter.com/falconsview Photos: http://photos.secureconsulting.net/ Web: http://falcon.secureconsulting.net/ LI: http://www.linkedin.com/in/btomhave [ Random Quote: ] Practice does not make

Re: [SC-L] Another WAF in town

2009-09-24 Thread Benjamin Tomhave
service to the software security community. ___ -- Benjamin Tomhave, MS, CISSP fal...@secureconsulting.net Blog: http://www.secureconsulting.net/ Twitter: http://twitter.com/falconsview Photos: http://photos.secureconsulting.net/ Web: http

[SC-L] OT: suddenly out of work

2009-09-23 Thread Benjamin Tomhave
experience, and have been doing this work for nigh on 15 years. Full resume is available here: http://falcon.secureconsulting.net/resume/Ben_Tomhave.pdf Thank you, and again apologies for interloping here, -ben -- Benjamin Tomhave, MS, CISSP fal...@secureconsulting.net Blog: http

Re: [SC-L] Inherently Secure Code?

2009-08-27 Thread Benjamin Tomhave
, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___ -- Benjamin Tomhave, MS, CISSP fal...@secureconsulting.net Blog: http://www.secureconsulting.net/ Twitter: http://twitter.com/falconsview Photos

Re: [SC-L] Where Does Secure Coding Belong In the Curriculum?

2009-08-26 Thread Benjamin Tomhave
it quickly. Getting it and applying it IRL are of course two completely different things. I still find it somewhat absurd that we even need to have this discussion still after how many decades of curriculum development? :) -ben -- Benjamin Tomhave, MS, CISSP fal...@secureconsulting.net Blog: http

Re: [SC-L] Where Does Secure Coding Belong In the Curriculum?

2009-08-26 Thread Benjamin Tomhave
Associate 703.698.7454 goertzel_ka...@bah.com From: Andy Steingruebl [stein...@gmail.com] Sent: Tuesday, August 25, 2009 1:14 PM To: Goertzel, Karen [USA] Cc: Benjamin Tomhave; sc-l@securecoding.org Subject: Re: [SC-L] Where Does Secure Coding Belong

Re: [SC-L] Where Does Secure Coding Belong In the Curriculum?

2009-08-26 Thread Benjamin Tomhave
to a writing clinic for English and law schools -- that would reinforce it not just for the students, but for the clinic staff as well. This sounds like an excellent extension for OWASP. :) -ben -- Benjamin Tomhave, MS, CISSP fal...@secureconsulting.net Blog: http://www.secureconsulting.net

Re: [SC-L] Cigital news (European market)

2009-05-19 Thread Benjamin Tomhave
-- Benjamin Tomhave, MS, CISSP fal...@secureconsulting.net LI: http://www.linkedin.com/in/btomhave Blog: http://www.secureconsulting.net/ Photos: http://photos.secureconsulting.net/ Web: http://falcon.secureconsulting.net/ [ Random Quote: ] Perfection is not attainable, but if we chase

Re: [SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs

2009-03-22 Thread Benjamin Tomhave
available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___ -- Benjamin Tomhave, MS, CISSP fal

Re: [SC-L] BSIMM: Confessions of a Software Security Alchemist(informIT)

2009-03-20 Thread Benjamin Tomhave
passwords would not be a bug or a violation of any sort (except a violation of common sense). It would still, however, result in poor security. -- Karen Mercedes Goertzel, CISSP Booz Allen Hamilton 703.698.7454 goertzel_ka...@bah.com -Original Message- From: Benjamin Tomhave

Re: [SC-L] BSIMM: Confessions of a Software Security Alchemist(informIT)

2009-03-20 Thread Benjamin Tomhave
Goertzel, CISSP Booz Allen Hamilton 703.698.7454 goertzel_ka...@bah.com -Original Message- From: sc-l-boun...@securecoding.org on behalf of Benjamin Tomhave Sent: Thu 19-Mar-09 19:28 To: Secure Code Mailing List Subject: Re: [SC-L] BSIMM: Confessions of a Software Security

Re: [SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs

2009-03-19 Thread Benjamin Tomhave
-commercial service to the software security community. ___ -- Benjamin Tomhave, MS, CISSP fal...@secureconsulting.net LI: http://www.linkedin.com/in/btomhave Blog: http://www.secureconsulting.net/ Photos: http://photos.secureconsulting.net/ Web: http

Re: [SC-L] Positive impact of an SSG

2009-03-11 Thread Benjamin Tomhave
://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___ -- Benjamin Tomhave, MS, CISSP fal...@secureconsulting.net LI: http

Re: [SC-L] Positive impact of an SSG

2009-03-11 Thread Benjamin Tomhave
message. It worked for me. Try this? http://www.downforeveryoneorjustme.com/bsi-mm.com Brian On 3/11/09 10:48 AM, Benjamin Tomhave list-s...@secureconsulting.net wrote: I think it's an interesting leap of faith. Statistically speaking, 9 is a very small sample size. Thus

[SC-L] Wysopal says tipping point reached...

2008-11-04 Thread Benjamin Tomhave
An interesting read. Not much to really argue with, I don't think. http://www.veracode.com/blog/2008/11/we%e2%80%99ve-reached-the-application-security-tipping-point/ -- Benjamin Tomhave, MS, CISSP [EMAIL PROTECTED] LI: http://www.linkedin.com/in/btomhave Blog: http://www.secureconsulting.net

[SC-L] 0x000000.com SuiGenchi Demonstration

2008-03-16 Thread Benjamin Tomhave
Has anybody had opportunity to look at this tool for PHP source code analysis? Just wondering about the relative merits vs other tools already available. http://www.0x00.com/?i=530 -- Benjamin Tomhave, MS, CISSP [EMAIL PROTECTED] LI: http://www.linkedin.com/in/btomhave Blog: http

Re: [SC-L] quick question - SXSW

2008-03-12 Thread Benjamin Tomhave
for a catalyst to spur the mutation so that it can have a life of its own. :) fwiw. -ben -- Benjamin Tomhave, MS, CISSP [EMAIL PROTECTED] LI: http://www.linkedin.com/in/btomhave Blog: http://www.secureconsulting.net/ Photos: http://photos.secureconsulting.net/ Web: http://falcon.secureconsulting.net

[SC-L] quick question - SXSW

2008-03-11 Thread Benjamin Tomhave
too idealist. I'm curious what everyone else thinks. cheers, -ben -- Benjamin Tomhave, MS, CISSP [EMAIL PROTECTED] LI: http://www.linkedin.com/in/btomhave Blog: http://www.secureconsulting.net/ Photos: http://photos.secureconsulting.net/ Web: http://falcon.secureconsulting.net/ In answer

Re: [SC-L] PCI: Boon or bust for software security?

2008-03-04 Thread Benjamin Tomhave
-- Benjamin Tomhave, MS, CISSP [EMAIL PROTECTED] LI: http://www.linkedin.com/in/btomhave Blog: http://www.secureconsulting.net/ Photos: http://photos.secureconsulting.net/ Web: http://falcon.secureconsulting.net/ In answer to the question of why it happened, I offer the modest proposal that our

[SC-L] a little coding humor...

2008-02-05 Thread Benjamin Tomhave
A little something to make you smile... infosec fellow for MS Mark Curphy posted an amusing cartoon to his blog on code review: http://securitybuddha.com/2008/02/06/funny-code-review-cartoon/ cheers, -ben -- Benjamin Tomhave, MS, CISSP [EMAIL PROTECTED] LI: http://www.linkedin.com/in/btomhave

[SC-L] XKCD on sane build environments

2008-01-16 Thread Benjamin Tomhave
A little something to make you smile... :) http://xkcd.com/371/ -- Benjamin Tomhave, MS, CISSP [EMAIL PROTECTED] Web: http://falcon.secureconsulting.net/ LI: http://www.linkedin.com/in/btomhave Blog: http://www.secureconsulting.net/ Photos: http://photos.secureconsulting.net/ [ Random Quote

Re: [SC-L] OWASP Publicity

2007-11-19 Thread Benjamin Tomhave
outmoded technologies, but that we need to be cognizant of the limited thought context and provide adequate explanation that is _understood_ when challenging what is happening and providing alternatives. cheers, -ben -- Benjamin Tomhave, MS, CISSP [EMAIL PROTECTED] Web: http

Re: [SC-L] OWASP Publicity

2007-11-18 Thread Benjamin Tomhave
should be refined to be business-oriented, extolling the business risks associated with ignoring these practices and providing a big arrow pointing in the direct of orgs like OWASP. fwiw. -ben -- Benjamin Tomhave, MS, CISSP [EMAIL PROTECTED] Web: http://falcon.secureconsulting.net/ LI: http

[SC-L] [Fwd: Seeking questions for Panel discussion on website vulnerability disclosure during OWASP-WASC AppSec Conference on Nov 15]

2007-11-07 Thread Benjamin Tomhave
Forwarding with permission... please send feedback directly to Anurag as he is not currently a member of this list. -ben -- [ Random Quote: ] Cyberspace. A consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical

[SC-L] Bernstein's new paper on secure coding

2007-11-06 Thread Benjamin Tomhave
Daniel J Bernstein, author of the qmail MTA, has written an interesting, short paper on qmail security and the secure coding practices that went into it. I imagine folks here will find it of interest, too. http://cr.yp.to/qmail/qmailsec-20071101.pdf -- Benjamin Tomhave, MS, CISSP [EMAIL

[SC-L] Sw Dev Laws, Engineers and Feasibility

2007-08-13 Thread Benjamin Tomhave
-of-software-development/ Understanding Engineers: Feasibility http://fishbowl.pastiche.org/2007/07/17/understanding_engineers_feasibility cheers, -ben -- Benjamin Tomhave, MS, CISSP [EMAIL PROTECTED] Web: http://falcon.secureconsulting.net/ LI: http://www.linkedin.com/in/btomhave Blog: http

[SC-L] author contends CompSci != Maths

2007-07-09 Thread Benjamin Tomhave
to Donal Knuth speak, you might start tending to agree with the argument. What do you think? http://www.itwire.com.au/content/view/13339/53/ --- Benjamin Tomhave, MS, CISSP, NSA-IAM, NSA-IEM [EMAIL PROTECTED] Web: http://falcon.secureconsulting.net/ LI: http://www.linkedin.com/in/btomhave Blog

Re: [SC-L] Technology-specific Security Standards

2007-05-23 Thread Benjamin Tomhave
technologies change. fwiw. -ben --- Benjamin Tomhave, MS, CISSP, NSA-IAM, NSA-IEM [EMAIL PROTECTED] Web: http://falcon.secureconsulting.net/ LI: http://www.linkedin.com/in/btomhave Blog: http://www.secureconsulting.net/ Photos: http://photos.secureconsulting.net/ We must scrupulously guard the civil

Re: [SC-L] What defines an InfoSec Professional?

2007-03-09 Thread Benjamin Tomhave
within the infosec genre. fwiw tgif. cheers, -ben -- Benjamin Tomhave, MS, CISSP, NSA-IAM, NSA-IEM [EMAIL PROTECTED] Web: http://falcon.secureconsulting.net/ LI: http://www.linkedin.com/profile?viewProfile=key=1539292 Blog: http://www.secureconsulting.net/ Photos: http

Re: [SC-L] differences between Threat Analysis and Threat Modeling

2007-02-14 Thread Benjamin Tomhave
that resulted in their classification. Or something like that... cheers, -ben --- Benjamin Tomhave, CISSP, NSA-IAM, NSA-IEM [EMAIL PROTECTED] Web: http://falcon.secureconsulting.net/ LI: http://www.linkedin.com/profile?viewProfile= http://www.linkedin.com/profile?viewProfile=key=1539292 key=1539292 Blog

Re: [SC-L] WEB2.0 Security Issues

2007-01-28 Thread Benjamin Tomhave
. We need keep in mind the need to balance civil liberties against universal trackability. Why does privacy need to be an illusion? (*Note: A special thanks to my friend Bob Alberti of Sanction, Inc., for proof-reading and providing input on this posting.) --- Benjamin Tomhave, CISSP, NSA-IAM, NSA

Re: [SC-L] Vulnerability tallies surged in 2006 | The Register

2007-01-22 Thread Benjamin Tomhave
), sending them to the devies, waiting 10-30 minutes, and watching the vuln disappear like magic. Am curious how change mgmt works on that, though... ;) cheers, -ben --- Benjamin Tomhave, CISSP, NSA-IAM, NSA-IEM [EMAIL PROTECTED] Web: http://falcon.secureconsulting.net/ LI: http://www.linkedin.com/pub