Re: [SC-L] any one a CSSLP is it worth it?

2010-04-14 Thread Dana Epp
that crappy piece of code that I didn't properly threat model 15 years ago that is still in use today. -- Regards, Dana Epp Microsoft Security MVP On Wed, Apr 14, 2010 at 8:24 AM, Wall, Kevin kevin.w...@qwest.com wrote: Gary McGraw wrote... Way back on May 9, 2007 I wrote my thoughts about

Re: [SC-L] Unclassified NSA document on .NET 2.0 Framework Security

2008-11-26 Thread Dana Epp
to reflect on them to tactically do it. -- Regards, Dana Epp Microsoft Security MVP On Tue, Nov 25, 2008 at 9:01 AM, Stephen Craig Evans [EMAIL PROTECTED] wrote: Gunnar, Developers have no power. You should be talking to the decision makers. As an example, to instill the importance

Re: [SC-L] Bumper sticker definition of secure software

2006-07-24 Thread Dana Epp
think they can solve all problems with technology without considering all risks and impacts to the business. Regards, Dana Epp [Microsoft Security MVP] http://silverstr.ufies.org/blog/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of mikeiscool Sent

Re: [SC-L] bumper sticker slogan for secure software

2006-07-21 Thread Dana Epp
). So 0x5 means - no reception (0) - good signal strength (5) ie, we're doing ok at getting our message out, but people aren't listening yet. That cracked me up. So fitting for this forum. Regards, Dana Epp [Microsoft Security MVP] http://silverstr.ufies.org/blog/ -Original Message

Re: [SC-L] bumper sticker slogan for secure software

2006-07-20 Thread Dana Epp
in our infancy when it comes to secure software as a discipline, and we still have much to learn before we will reach it. Regards, Dana Epp [Microsoft Security MVP] http://silverstr.ufies.org/blog/

Re: [SC-L] bumper sticker slogan for secure software

2006-07-18 Thread Dana Epp
. It simply says: 0x5 10 points to the first person to explain what that means. Regards, Dana Epp [Microsoft Security MVP] http://silverstr.ufies.org/blog/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of SC-L Subscriber Dave Aronson Sent: Tuesday, July 18

RE: [SC-L] ddj: beyond the badnessometer

2006-07-13 Thread Dana Epp
to show green blinky lights to tell you the code is safe. Human heuristics come into play here, and we have to leverage what assets we have, both manual and automatic, to find the faulty code and eliminate it. And pentesting is just another one of those tools in the arsenal to help. Regards, Dana Epp

RE: [SC-L] Bugs and flaws

2006-02-03 Thread Dana Epp
not something that will be fixed overnight. --- Regards, Dana Epp [Microsoft Security MVP] Blog: http://silverstr.ufies.org/blog/ From: [EMAIL PROTECTED] on behalf of Crispin Cowan Sent: Fri 2/3/2006 12:12 PM To: Gary McGraw Cc: Kenneth R. van Wyk; Secure Coding Mailing List Subject: Re: [SC-L] Bugs

[no subject]

2004-12-02 Thread Dana Epp
[EMAIL PROTECTED] Subject: Re: [SC-L] How do we improve s/w developer awareness? Date: Thu, 2 Dec 2004 12:52:35 -0800 Sender: [EMAIL PROTECTED] Precedence: bulk Mailing-List: contact [EMAIL PROTECTED] ; run by MajorDomo List-Id: Secure Coding Mailing List sc-l.securecoding.org List-Post:

Re: [SC-L] How do we improve s/w developer awareness?

2004-11-12 Thread Dana Epp
of this email or its contents. Thank You. -- Regards, Dana Epp [Blog: http://silverstr.ufies.org/blog/]

Re: [SC-L] Programming languages used for security

2004-07-10 Thread Dana Epp
time and eliminating coding error. You will find exactly those arguments in the preface to the K&R C book. Crispin -- Regards, Dana Epp [Blog: http://silverstr.ufies.org/blog/]

Re: [SC-L] Education and security -- another perspective (was ACM Queue - Content)

2004-07-08 Thread Dana Epp
environment in universities. And more importantly, from a secure coding objective, you can show what NOT to do. -- Regards, Dana Epp [Blog: http://silverstr.ufies.org/blog/]