Re: [SC-L] SearchSecurity: Cyber Security and the Law

2012-08-02 Thread Greg Beeley
How would we recognize good engineering? It seems to me like the very same problem faced by the idea of software liability law - that it is hard to define good engineering for software security - would be faced by an incentive program. If good engineering is fuzzy enough to give a big corporate

Re: [SC-L] BSIMM3 lives

2011-10-22 Thread Greg Beeley
Gary, Could you clarify your (and/or the BSIMM) position on secure by design vs designed to be secure? You're encouraging the adoption of secure-by-design building blocks, as a part of SFD2.1, but then warning that designed to be secure != secure. I can think of examples/ways that what you've

Re: [SC-L] [WEB SECURITY] Re: What do you like better Web penetration testing or static code analysis?

2010-05-05 Thread Greg Beeley
Regarding the code snippet -- it does depend on the environment -- point well taken. But in this case (from what I can tell), unless you actually have the file_exists() function *disabled* in php.ini, this is vulnerable to XSS. - Greg Sebastian Schinzel wrote, On 04/28/2010 04:03 AM: On Apr

Re: [SC-L] blog post and open source vulnerabilities to blog about

2010-03-17 Thread Greg Beeley
). A good example of complex code being more difficult to secure. - Greg Beeley LightSys Matt Parsons wrote, On 03/16/2010 10:41 AM: Hello, I am working on a software security blog and I am trying to find open source vulnerabilities to present and share. Does anyone else have any open

Re: [SC-L] What defines an InfoSec Professional?

2007-03-08 Thread Greg Beeley
[...] I do suspect that some of it is tied to the romance of certifications such as CISSP whereby the exams that prove you are a security professional talk all about physical security and network security but really don't address software development in any meaningful way. [...] That's

Re: [SC-L] Fwd: re-writing college books - erm.. ahm...

2006-11-07 Thread Greg Beeley
for starting to exercise that defensive coding muscle. It gets students used to assuming that their program will be abused and misused, among other things :) Greg. Greg Beeley, President Co-Founder [EMAIL