[SC-L] Call for Papers: The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012)

2012-05-23 Thread Call for papers
Call for Papers: The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012) Apologies for cross-postings. Kindly email this call for papers to your colleagues, faculty members and postgraduate students. CALL FOR PAPERS

Re: [SC-L] Re (badware vs. goodware): SearchSecurity: Badware versus malware

2012-05-14 Thread Goertzel, Karen [USA]
Agent software is all well and good. But if you secretly implant the agents, and design them to be undetectable, and do not inform the intended user of the system that they are there, they are spyware - and at best, unethical. And, by my definition at least, unethical = bad. === Karen

[SC-L] MetriSec 2012 submission date is May 30th

2012-05-14 Thread James Walden
MetriSec 2012 8th International Workshop on SECURITY MEASUREMENTS AND METRICS Affiliated with the International Symposium on Empirical Software Engineering and Measurement (ESEM) September 21, 2012 Lund, Sweden WORKSHOP OVERVIEW Quantitative assessment is a major stumbling block for software

[SC-L] Containing bad code

2012-05-13 Thread Ben Laurie
Given the recent discussion, I thought the list might be interested in: http://www.links.org/?p=1242. I'm currently working on transparently wrapping libtiff (that is, wrapping it such that the calling application is unaware it is wrapped). Using Capsicum For Sandboxing

Re: [SC-L] SearchSecurity: Badware versus malware

2012-05-12 Thread Gary McGraw
The article does not suggest otherwise. gem On 5/11/12 1:51 PM, Ben Laurie b...@google.com wrote: On 8 May 2012 07:18, Gary McGraw g...@cigital.com wrote: hi sc-l, What's worse, bad software or malicious software? In fact, what's the difference? My second column for SearchSecurity is all

Re: [SC-L] SearchSecurity: Badware versus malware

2012-05-12 Thread Ben Laurie
On 11 May 2012 20:07, Gary McGraw g...@cigital.com wrote: The article does not suggest otherwise. Well, it certainly does _suggest_ it: All of the things that we do to improve software security are aimed explicitly at the badware problem. It doesn't say it, though, I agree. gem On 5/11/12

Re: [SC-L] SearchSecurity: Badware versus malware

2012-05-11 Thread Goertzel, Karen [USA]
In other words, flaws and defects caused through developer error, ignorance, negligence etc. can be exploited to cause harm. So even if one could prevent actual intentional malicious inclusions in software, one hasn't eliminated the problem of exploitable flawed logic. The megachallenge, of

[SC-L] Breakpoint 2012 Call For Papers

2012-05-10 Thread cfp
Breakpoint 2012 (ASCII-art banner) - Intercontinental Rialto, Melbourne, Australia, October 17th-18th

[SC-L] c0c0n 2012 CFP - Extended Deadline: May 15, 2012

2012-05-08 Thread c0c0n International Information Security Conference
c0c0n 2012 CFP - Extended Deadline: May 15, 2012 Thanks to everyone for all the paper submissions. The CFP Review Committee will be evaluating the same for selection. Based on the requests received, we are extending the CFP deadline to May 15, 2012 in the hope of receiving a few more paper

[SC-L] SearchSecurity: Badware versus malware

2012-05-08 Thread Gary McGraw
hi sc-l, What’s worse, bad software or malicious software? In fact, what’s the difference? My second column for SearchSecurity is all about that. Read it today. And pass it on. http://searchsecurity.techtarget.com/opinion/Gary-McGraw-Eliminating-badware-addresses-malware-problem Bottom

[SC-L] Silver Bullet 73: Robert Vamosi

2012-05-04 Thread Gary McGraw
hi sc-l, This morning we released episode 73 of Silver Bullet. The new show is an interview with Robert Vamosi. Robert is a well-known security reporter, having worked for a bunch of esteemed publications including Forbes, c!net, and threatpost. Robert also wrote a book called When Gadgets

[SC-L] security in open source components

2012-04-25 Thread Johan Peeters
I was very happy to see http://www.sonatype.com/Products/Sonatype-Insight/Why-Insight/Reduce-Security-Risk/Security-Brief. Finally some attention to the elephant in the room; what is the use of secure coding if your software depends on third party components with flaws? The paper makes some very

[SC-L] Ruxcon 2012 Call For Papers

2012-04-19 Thread cfp
Ruxcon 2012 Call For Papers The Ruxcon team is pleased to announce the call for papers for the 2012 annual Ruxcon conference. This year the conference will take place over the weekend of 20th and 21st of October at the CQ Function Centre, Melbourne, Australia. The deadline for submissions is

[SC-L] SearchSecurity: Build it in, build it right

2012-04-10 Thread Gary McGraw
hi sc-l, The [in]security column that I have been writing monthly since October 2004 has a new home. It is now published by SearchSecurity and will appear in Information Security magazine and on SearchSecurity. The landing page for the columns on SearchSecurity will be here:

[SC-L] OWASP iGoat 1.2 released

2012-03-30 Thread Kenneth Van Wyk
Greetings SC-L folks, I thought some of you might find our project announcement (below) interesting. If you're an iOS developer or know any iOS developers, I'd like to encourage you to check out the OWASP iGoat project. It's modeled after its namesake, WebGoat, and is intended to be a tool for

Re: [SC-L] A new blog on application security - armoredcode.com

2012-03-22 Thread Jeffrey Walton
On Fri, Mar 16, 2012 at 12:50 PM, Paolo Perego thesp0...@gmail.com wrote: Hi list, just 2 lines for promoting my new blog on application security: http://armoredcode.com The idea is to talk about appsec using the developers language so talking about testing frameworks and practices, libraries

Re: [SC-L] A new blog on application security - armoredcode.com

2012-03-22 Thread Paolo Perego
On 21 March 2012 13:55, Jeffrey Walton noloa...@gmail.com wrote: On Fri, Mar 16, 2012 at 12:50 PM, Paolo Perego thesp0...@gmail.com wrote: If you would like to add it on your feed, it would be great. For the love of higher power, please discuss the tool chain's static analysis capabilities,

[SC-L] A new blog on application security - armoredcode.com

2012-03-20 Thread Paolo Perego
Hi list, just 2 lines for promoting my new blog on application security: http://armoredcode.com The idea is to talk about appsec using the developers language so talking about testing frameworks and practices, libraries to enforce security, how to read a penetration test report, some hands on with

[SC-L] c0c0n 2012 - Call For Papers and Call For Workshops

2012-03-20 Thread Yashartha Chaturvedi
c0c0n 2012 (ASCII-art banner)

Re: [SC-L] Fwd: [SEWORLD] SWEBOK Version 3 Call for Reviewers

2012-03-11 Thread Martin Gilje Jaatun
Agreed, but can you make secure code without thinking about security at all? I don't think so - it's a bit like the safety vs. security debate; in the latter case the human attacker with hostile intent tends to invalidate your assumptions... -Martin On 07.03.2012 22:27, James Manico wrote:

[SC-L] Test

2012-03-11 Thread Kenneth R. van Wyk
Foo Cheers, Ken ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and

[SC-L] Fwd: [SEWORLD] SWEBOK Version 3 Call for Reviewers

2012-03-07 Thread Martin Gilje Jaatun
Hi SC-L, I would have hoped that Software Security should have been a topic area in SWEBOK, right alongside Software Quality, but it doesn't look like it... -Martin Original message Subject: [SEWORLD] SWEBOK Version 3 Call for Reviewers Date: Fri, 2 Mar 2012 10:53:26

Re: [SC-L] Fwd: [SEWORLD] SWEBOK Version 3 Call for Reviewers

2012-03-07 Thread Goertzel, Karen [USA]
Unfortunately, it seems like the SWEBOK folks still believe that if you have high-quality software, that will be sufficient to assure robustness against intentional threats. It also shows a touching lack of faith that there will never be a malicious participant in the SDLC intentionally

Re: [SC-L] Fwd: [SEWORLD] SWEBOK Version 3 Call for Reviewers

2012-03-07 Thread Gary McGraw
Karen is right. That is a legacy of Watts Humphrey. gem From: Goertzel, Karen [USA] goertzel_ka...@bah.com Date: Wed, 7 Mar 2012 09:53:18 -0500 To: Martin Gilje Jaatun secse-ch...@sislab.no, Secure Code Mailing List

[SC-L] AppSec DC Schedule announced, Registration OPEN!

2012-03-05 Thread James Manico
AppSec DC, the East Coast's premier information security conference, returns with AppSec DC 2012 (http://www.appsecdc.org/).

[SC-L] c!net article on the RSA hamster wheel

2012-03-03 Thread Gary McGraw
hi sc-l, There is still plenty of reactive security to be seen at RSA, but the amount of airplay that software security is getting is going up, and the presentations on building security in are getting better. Elinor Mills just posted a nice summary article on c!net:

[SC-L] CFP: SecSE 2012

2012-02-21 Thread Martin Gilje Jaatun
Hi SC-L, We are organizing the Sixth International Workshop on Secure Software Engineering (SecSE 2012), in conjunction with ARES 2012, 20-24 August 2012 in Prague, Czech Republic. We welcome both original research papers and more practical experience reports. The submission deadline is March

[SC-L] IEEE SP highlight

2012-02-21 Thread Gary McGraw
hi sc-l, Happy tenth birthday to IEEE Security & Privacy magazine. IEEE Security & Privacy plays an important role in the field at the critical intersection point between peer reviewed science and applied technology. If you don't subscribe yet, you should. See

[SC-L] MoST 2012 CFP - Mobile Security Technologies (MoST) 2012 Workshop

2012-02-17 Thread Larry Koved
Please note the new submission date! On behalf of the workshop co-chairs and program chair, we would like to invite you to participate in the Mobile Security Technologies (MoST) Workshop. MoST is co-located with the IEEE Security & Privacy Symposium. Mobile Security Technologies (MoST) brings

[SC-L] CFP: FTfJP 2012 - 14th ECOOP Workshop on Formal Techniques for Java-like Programs

2012-02-13 Thread Florin Craciun
CALL FOR PAPERS 14th ECOOP Workshop on Formal Techniques for Java-like Programs (FTfJP 2012) (co-located with ECOOP and PLDI) Beijing China June 12, 2012 http://www.comp.nus.edu.sg/~ftfjp OVERVIEW Formal techniques can help analyze programs, precisely describe program behavior, and

[SC-L] MetriSec 2012 CFP International Workshop on Security Measurements and Metrics

2012-02-08 Thread James Walden
MetriSec 2012 8th International Workshop on SECURITY MEASUREMENTS AND METRICS Affiliated with the International Symposium on Empirical Software Engineering and Measurement (ESEM) September 21, 2012 Lund, Sweden WORKSHOP OVERVIEW Quantitative assessment is a major stumbling block for software

[SC-L] MoST 2012 CFP - Mobile Security Technologies (MoST) 2012 Workshop

2012-02-08 Thread Larry Koved
On behalf of the workshop co-chairs and program chair, we would like to invite you to participate in the Mobile Security Technologies (MoST) Workshop. MoST is co-located with the IEEE Security & Privacy Symposium. Mobile Security Technologies (MoST) brings together researchers, practitioners,

[SC-L] Silver Bullet 70: Ross Anderson Reprise

2012-02-03 Thread Gary McGraw
hi sc-l, Ross Anderson's first Silver Bullet episode (episode 13) has consistently led the download totals since its release way back when. Over 25,000 people have listened to the episode and it remains very popular (either that or Ross is clicking on it an awful lot himself). In order to

[SC-L] informIT: vBSIMM revised

2012-01-26 Thread Gary McGraw
hi sc-l, Third party software is a major risk category in most modern organizations (see Third-Party Software and Security, http://www.informit.com/articles/article.aspx?p=1809143). We have been working on a BSIMM derivative called the vBSIMM to help manage third party software risk. Today we

[SC-L] Only 7 Days Left: SANS AppSec 2012 CFP

2012-01-24 Thread SANS AppSec CFP
Hi everyone, This is the final CFP reminder for SANS AppSec 2012 being held in Las Vegas, Nevada on April 30 - May 1, 2012. The call for papers ends in seven days on February 1, 2012 so submit today! The theme for this conference is Application Security at Scale. Billions of

[SC-L] OWASP AsiaPac 2012 - Sydney, Australia: CFP and call for trainers

2012-01-12 Thread Andrew van der Stock
Colleagues, In 2012, OWASP is holding Global AppSec AsiaPac Conference in Sydney Australia! OWASP Asia Pacific is the foremost Application Security conference for the region, and brings together the community in a central meeting for 4 days to discuss and present on recent and current

Re: [SC-L] informIT: BSIMM versus SAFECode

2012-01-02 Thread Kevin W. Wall
On Thu, Dec 29, 2011 at 10:32 AM, Gary McGraw g...@cigital.com wrote: hi sc-l, How about a little software security controversy for the tweener holiday week? On the last day of the BSIMM Conference in November, SAFECode unveiled a paper about the SAFECode Practices and their relationship to

[SC-L] informIT: BSIMM versus SAFECode

2011-12-31 Thread Gary McGraw
Let's try that again, this time with the proper email address… From: gem g...@cigital.com Date: Tue, 27 Dec 2011 16:32:56 -0500 To: sc-l-boun...@securecoding.org hi sc-l,

[SC-L] Silver Bullet 69: Steve Myers

2011-12-31 Thread Gary McGraw
happy new year sc-l, The 69th episode of Silver Bullet is an interview with professor Steve Myers from Indiana University. Steve is a cryptographer who works on Phishing, but he also teaches the security engineering course at IU. Among other topics, we discuss the challenge of keeping

[SC-L] W2SP 2012 CFP - Web 2.0 Security and Privacy 2012 Workshop Call for Papers

2011-12-22 Thread Larry Koved
W2SP 2012 CFP - Web 2.0 Security and Privacy 2012 Workshop Call for Papers On behalf of the workshop co-chairs and program chair, we would like to invite you to participate in the 5th annual workshop on Web 2.0 Security and Privacy. Started in 2007, this successful series of workshops has

[SC-L] MoST 2012 CFP - Mobile Security Technologies (MoST) 2012 Workshop

2011-12-22 Thread Larry Koved
On behalf of the workshop co-chairs and program chair, we would like to invite you to participate in the Mobile Security Technologies (MoST) Workshop. MoST is co-located with the IEEE Security & Privacy Symposium. Mobile Security Technologies (MoST) brings together researchers, practitioners,

[SC-L] ANNOUNCEMENT: SecAppDev 2012, Leuven, Belgium

2011-12-22 Thread Kenneth Van Wyk
We are pleased to announce SecAppDev 2012, an intensive one-week course in secure application development. The course is organized by secappdev.org, a non-profit organization that aims to broaden security awareness in the development community and advance secure software engineering practices. The

[SC-L] SANS AppSec 2012 CFP reminder

2011-12-01 Thread SANS AppSec CFP
Hi everyone, It's been over a month since we first announced the CFP for the SANS AppSec Summit being held in Las Vegas, Nevada on April 30 - May 1, 2012. We've received a number of great submissions so far but there are only two months left until the deadline on February 1, 2012. If you'd

[SC-L] informIT: third-party software and security

2011-11-30 Thread Gary McGraw
hi sc-l, We recently convened a BSIMM Community Conference near Portland, Oregon. (For a list of the 42 companies participating in the BSIMM project, see http://bsimm.com/community/.) The BSIMM project describes and measures the work of 786 SSG members, who together with a satellite of 1750

[SC-L] Silver Bullet 68

2011-11-30 Thread Gary McGraw
hi sc-l, I am pleased to announce that episode 68 of the Silver Bullet Security Podcast is an interview of Cigital's own John Steven. jOHN (or jS) as he is known around here is a well-respected technologist and software security practitioner. He served a stint editing the Building Security In

[SC-L] Call for papers - i-Society

2011-11-06 Thread Call for papers
Apologies for cross-postings! Kindly email this Call for Papers to your colleagues, faculty members and postgraduate students. CALL FOR PAPERS International Conference on Information Society (i-Society 2012) Technical Co-Sponsored

[SC-L] informIT: Software Security Training

2011-10-31 Thread Gary McGraw
hi sc-l, Happy Halloween everybody. Sammy Migues and I just published an article on Software Security Training in informIT based on a decade of experience delivering software security training: http://www.informit.com/articles/article.aspx?p=1767770 The article includes some analysis of both

[SC-L] silver bullet: bill pugh

2011-10-31 Thread Gary McGraw
hi sc-l, The 67th Silver Bullet podcast features Bill Pugh. Bill is an alpha geek who is currently a professor at University of Maryland. You may know his FindBugs project if you're a Java person. You may not know that Bill is also a fire eater who once lit my solstice bonfire in an

[SC-L] SANS AppSec 2012 CFP is Open

2011-10-27 Thread SANS AppSec CFP
Hi SC-L, We're happy to announce that the sixth annual SANS AppSec Summit will be held in Las Vegas, Nevada on April 30 - May 1, 2012. The theme for this conference is Application Security at Scale. Billions of records in the cloud. Millions of smart mobile devices. Millions of developers

Re: [SC-L] BSIMM3 lives

2011-10-22 Thread Greg Beeley
Gary, Could you clarify your (and/or the BSIMM) position on secure by design vs designed to be secure? You're encouraging the adoption of secure-by-design building blocks, as a part of SFD2.1, but then warning that designed to be secure != secure. I can think of examples/ways that what you've

Re: [SC-L] BSIMM3 lives

2011-10-20 Thread Kevin W. Wall
On Tue, Oct 18, 2011 at 10:34 AM, Gary McGraw g...@cigital.com wrote: On 10/15/11 5:45 PM, Steven M. Christey co...@rcf-smtp.mitre.org wrote: 3) The wording about OWASP ESAPI in SFD2.1 is unclear: Generic open source software security architectures including OWASP ESAPI should not be

Re: [SC-L] BSIMM3 lives

2011-10-18 Thread Gary McGraw
hi steve and sc-l, Sorry for the delay in responding. I am just catching up after spending last week in Bloomington, Indiana. Some quick answers: 1) Was any analysis done to ensure that the 3 levels are consistent from a maturity perspective - for example, if an organization performed an

Re: [SC-L] BSIMM3 lives

2011-10-18 Thread Gary McGraw
hi chris, Thanks for posting your data. This is great. The forty-two participating organizations in BSIMM3 are drawn from eight verticals (with some overlap): financial services (17), independent software vendors (15), technology firms (10), telecommunications (3), insurance (2), energy (2),

Re: [SC-L] BSIMM3 lives

2011-10-15 Thread Steven M. Christey
Gary, Congratulations to you, Brian, Sammy, and the rest of the BSIMM3 community! I have a few questions: 1) Was any analysis done to ensure that the 3 levels are consistent from a maturity perspective - for example, if an organization performed an activity at level 2, that there was

[SC-L] BSIMM3 lives

2011-09-27 Thread Gary McGraw
hi sc-l, BSIMM3 was just posted. You can download it from http://bsimm.com Since the first BSIMM interview in October 2008, we’ve progressed from 9 to 30 to 42 firms (and more, at this point). We’ve also measured 11 firms twice—with about 19 months between measurements on average—providing

[SC-L] CFP: IJSSE Special Issue on Security Modeling

2011-09-14 Thread Martin Gilje Jaatun
The International Journal of Secure Software Engineering is planning a special issue on security modeling. Submission deadline is October 30th - see http://www.igi-global.com/bookstore/titledetails.aspx?titleid=1159&detailstype=callforpapersspecial

[SC-L] Extended submission deadline for: The 6th International Conference for Internet Technology and Secured Transactions (ICITST-2011)!

2011-09-05 Thread Call for papers
Apologies for cross-postings! Kindly email this Call for Papers to your colleagues, faculty members and postgraduate students. Extended submission deadline The 6th International Conference for Internet Technology and Secured

Re: [SC-L] informIT: Building versus Breaking

2011-09-05 Thread James Walden
There are also a couple of other relevant academic security conferences: MetriSec - http://metrisec2011.cs.nku.edu/ (September 21st in Banff, Canada) SESS - http://homes.dico.unimi.it/~monga/sess11.html (May) On Thu, Sep 1, 2011 at 12:41 PM, Goertzel, Karen [USA] goertzel_ka...@bah.com wrote:

Re: [SC-L] informIT: Building versus Breaking

2011-09-05 Thread Stephen Craig Evans
Hi Ivan (and Sergio), Maybe I should have clarified my position. I have no problem with security researchers and whitehats that investigate and reverse engineer malware to make the world a better place. I have problems with those that create malware - under the guise of security research -

Re: [SC-L] Building conferences (was: informIT: Building versus Breaking)

2011-09-03 Thread Gary McGraw
hi sc-l, This minor flame war reminds me of the '80s! Hurray. I have worked hard to inject software security (the building kind) into two conferences: The first was the SD West/SD East set of shows where I started a software security track, did a keynote, invited Schneier to speak, etc. The

Re: [SC-L] informIT: Building versus Breaking

2011-09-03 Thread Kevin W. Wall
On Fri, Sep 2, 2011 at 6:19 PM, Chris Schmidt chrisisb...@gmail.com wrote: On Sep 2, 2011, at 10:44 AM, Goertzel, Karen [USA] goertzel_ka...@bah.com wrote: What we need is to start building software that can fight back. Then we could become part of cyber warfare which is much sexier than

Re: [SC-L] informIT: Building versus Breaking

2011-09-03 Thread Chris Schmidt
On 9/3/2011 11:22 AM, Kevin W. Wall wrote: On Fri, Sep 2, 2011 at 6:19 PM, Chris Schmidt chrisisb...@gmail.com wrote: On Sep 2, 2011, at 10:44 AM, Goertzel, Karen [USA] goertzel_ka...@bah.com wrote: What we need is to start building software that can fight back. Then we could become part of

Re: [SC-L] informIT: Building versus Breaking

2011-09-02 Thread Jeffrey Walton
Hi Steve, On Wed, Aug 31, 2011 at 4:45 PM, Steven M. Christey co...@linus.mitre.org wrote: While I'd like to see Black Hat add some more defensive-minded tracks, I just realized that this desire might be a symptom of a larger problem: there aren't really any large-scale conferences dedicated to

Re: [SC-L] informIT: Building versus Breaking

2011-09-02 Thread Tom Brennan
Ding ding ding... End of first round. insert ring girl with below sign Largest application software security focused event in 2011 - don't miss: http://www.appsecusa.org Sept 20-23 2011 ### Ding ding ding... Now let's get it on Let's keep a professional..debate. Free speech only works

[SC-L] Building conferences (was: informIT: Building versus Breaking)

2011-09-02 Thread Martin Gilje Jaatun
Karen Goertzel wrote: There are these: ISC(2) Secure Software Conference Series - https://www.isc2.org/PressReleaseDetails.aspx?id=650 ESSoS - http://distrinet.cs.kuleuven.be/events/essos/2012/ SecSE - http://www.sintef.org/secse SSIRI -

Re: [SC-L] informIT: Building versus Breaking

2011-09-02 Thread Goertzel, Karen [USA]
What we need is to start building software that can fight back. Then we could become part of cyber warfare which is much sexier than software assurance. :) === Karen Mercedes Goertzel, CISSP Booz Allen Hamilton 703.698.7454 goertzel_ka...@bah.com Sorry, you have reached an imaginary number. If

Re: [SC-L] informIT: Building versus Breaking

2011-09-01 Thread Steven M. Christey
While I'd like to see Black Hat add some more defensive-minded tracks, I just realized that this desire might be a symptom of a larger problem: there aren't really any large-scale conferences dedicated to defense / software assurance. (The OWASP conferences are heavily web-focused; Dept. of

Re: [SC-L] informIT: Building versus Breaking

2011-09-01 Thread Chris Schmidt
I agree on the terminology of whitehat vs. blackhat here Sergio, but in almost every other regard I disagree completely. To design and build proper software and hardware there are a lot of conferences out there, as well as trainings and a huge amount of literature. There are very good books

Re: [SC-L] informIT: Building versus Breaking

2011-09-01 Thread Arian J. Evans
Not many builders go to BlackHat. BlackHat is by Breakers, for Defenders. It is primarily attended by Defenders, with a smaller pool of dedicated Breakers. It is very valuable to our industry to have conferences focused on Breaking. Though they do have Builder and Defender talks. Some of my first

Re: [SC-L] informIT: Building versus Breaking

2011-09-01 Thread Sergio 'shadown' Alvarez
Hi Chris, Thanks for answering my email. There's one thing that I actually believe you people are not following here. Blackhat is a conference to present cutting-edge NEW offensive technologies, methodologies, techniques, etc. It is *not* about talking about things that were already presented and

Re: [SC-L] informIT: Building versus Breaking

2011-09-01 Thread Stephen Craig Evans
Sergio, Blackhat IS about breaking stuff, the vendors area offers defense products and services to improve your security. For building stuff (as in development) there are other conferences out there. People go to Blackhat to be aware of what things might go wrong in order to protect better

Re: [SC-L] informIT: Building versus Breaking

2011-09-01 Thread Goertzel, Karen [USA]
There are these: ISC(2) Secure Software Conference Series - https://www.isc2.org/PressReleaseDetails.aspx?id=650 ESSoS - http://distrinet.cs.kuleuven.be/events/essos/2012/ SecSE - http://www.sintef.org/secse SSIRI - http://paris.utdallas.edu/ssiri11/ But your point is taken. Most of the

[SC-L] informIT: Building versus Breaking

2011-08-31 Thread Gary McGraw
hi sc-l, I went to Blackhat for the first time ever this year (even though I am basically allergic to Las Vegas), and it got me started thinking about building things properly versus breaking things in our field. Blackhat was mostly about breaking stuff of course. I am not opposed to

Re: [SC-L] informIT: Building versus Breaking

2011-08-31 Thread Sergio 'shadown' Alvarez
Hi gem, I've read your article to see what direction you were willing to take, before jumping into the conversation. Your post was exactly what I thought you were heading to. I disagree with your thought for many reasons. But first I would like to use proper terms so that we don't misuse some

[SC-L] Announcing the first Mobile App Sec Triathlon, 2-4 Nov 2011, San Jose, CA

2011-08-29 Thread Kenneth Van Wyk
Greetings SC-L, I'll keep this announcement real short... Gunnar Peterson and I are teaming up to present our Mobile App Sec Triathlon -- 3 days of training, heavily laden with hands-on exercises -- to San Jose, California on 2-4 November 2011. Details available at:

[SC-L] Silver Bullet 65: Giovanni Vigna

2011-08-29 Thread Gary McGraw
hi sc-l, Though Sammy, Brian, and I are busy building BSIMM3 today (lots of data to crunch since we have 80 vectors, 12 re-measurements, and 42 firms!), we posted the latest episode of Silver Bullet anyway. This episode features UC Santa Barbara professor Giovanni Vigna. Giovanni has always

[SC-L] Call for Papers: The 6th International Conference for Internet Technology and Secured Transactions (ICITST-2011)!

2011-08-15 Thread Call for papers
Apologies for cross-postings! Kindly email this Call for Papers to your colleagues, faculty members and postgraduate students. CALL FOR PAPERS The 6th International Conference for Internet Technology and Secured Transactions

Re: [SC-L] The Organic Secure SDLC

2011-08-11 Thread Rohit Sethi
Hi Jim, thanks for the comments. It's a fair statement that pen tests don't just happen. There are many organizations who don't pay attention to application security at all - and they don't really fit in this model. You're bang on about the lack of design activities. There just doesn't seem

[SC-L] Innovation and tech transfer

2011-08-01 Thread Gary McGraw
hi sc-l, At the Software Experts Summit held in silicon valley in May, Linda Rising heard my talk on the state of software security and the BSIMM. In a hallway conversation, she asked me to revise my informIT article on technology transfer and innovation to publish in IEEE Software. A copy

[SC-L] Silver Bullet 64: Markus Schumacher

2011-07-31 Thread Gary McGraw
hi sc-l, We just posted the 64th episode of Silver Bullet---an interview of Markus Schumacher, CEO and co-founder of Virtual Forge. Markus worked for many years at SAP and his startup sells a static analysis tool focused on SAP's ABAP language. I find it interesting that the ERP market is

[SC-L] jQuery is a Sink

2011-07-28 Thread Stefano Di Paola
Guys, maybe the client side security people may be interested : http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html Cheers, Stefano -- Stefano Di Paola Software Security Engineer Owasp Italy R&D Director Web: www.wisec.it Twitter: http://twitter.com/WisecWisec

Re: [SC-L] How have you climbed the wall?

2011-07-28 Thread Wall, Kevin
Rohit Sethi wrote: Recently I sent a note about the Organic Progression of the Secure SDLC. One of the major points that we raise in that model is the difficulty with Climbing the Wall: Getting the lines of business to commit resource to application/software security. This is one of the most

Re: [SC-L] How have you climbed the wall?

2011-07-28 Thread Rohit Sethi
Kevin, that's fantastic insight. If you convert it to a blog posting I'll add a link to it On Thu, Jul 28, 2011 at 1:01 PM, Wall, Kevin kevin.w...@qwest.com wrote: Rohit Sethi wrote: Recently I sent a note about the Organic Progression of the Secure SDLC. One of the

[SC-L] CFP SecurityByte India

2011-07-26 Thread Papers, Call For
Hi All, The first round of speakers has been selected for Securitybyte, please follow us on twitter @securitybyte to get the latest updates on speakers and event. Deral Heiland, From Printer to Owned: Leveraging Multifunction Printers During Penetration Testing Nithya Raman, Security threats on

[SC-L] 2nd Open Backdoor Hiding Finding Contest

2011-07-21 Thread iarce
This may be of interest to the list. I am not sure if Static Analysis programs are allowed to participate but it would be interesting to see how they fare. Hiding Backdoors in plain sight The CoreTex Competitions Team from Core Security is happy to announce the 2nd Open Backdoor Hiding Finding

[SC-L] informIT: software security zombies

2011-07-21 Thread Gary McGraw
hi sc-l, Some of us have been doing this software security thing for a long time (about 15 years in my case), and it is easy to overlook basic ideas that we believe everybody already gets. During Cigital's internal technology fair this year, I did a presentation on these basic truths which I

Re: [SC-L] informIT: software security zombies

2011-07-21 Thread Wall, Kevin
Gary McGraw wrote: This month's informIT article covers the zombies: [snip] * Software security defects come in two main flavors—bugs at the implementation level (code) and flaws at the architectural level (design) So, two questions: 1) How is this (software *security* defects) different than

Re: [SC-L] informIT: software security zombies

2011-07-21 Thread Gary McGraw
hi kevin, I completely agree that bugs and flaws exist as two categories (with a slippery slope between them) outside of security. It is important that we focus on both kinds of defect since the narrative in software security has mostly been about the bug parade. (See Getting Past the Bug Parade

Re: [SC-L] The Organic Secure SDLC

2011-07-20 Thread Rohit Sethi
Hi John, Thanks for the feedback. This is exactly what we were looking for. We've certainly sought simplicity in this model, even at the expense of being incomplete. It's not necessarily aimed at the one man shop - it's aimed at any organization where secure software is just not an explicit

Re: [SC-L] The Organic Secure SDLC

2011-07-19 Thread Gary McGraw
Try this on for size. JPMC already uses it in practice. vBSIMM (BSIMM for Vendors) http://www.informit.com/articles/article.aspx?p=1703668 (April 12, 2011) gem On 7/18/11 8:35 PM, Anurag Agarwal anurag.agar...@yahoo.com wrote: Gary - So my next question is, can we come up with something

Re: [SC-L] The Organic Secure SDLC

2011-07-19 Thread Rohit Sethi
To clarify further, this is not meant to be prescriptive or even a set of best practices. It's simple observation on how many organizations tend to evolve if secure SDLC is not a major priority. I can't say it's based on hard data but we have compiled the steps from experiences at several clients

Re: [SC-L] The Organic Secure SDLC

2011-07-19 Thread Paco Hope
To clarify further, this is not meant to be prescriptive or even a set of best practices. It's simple observation on how many organizations tend to evolve if secure SDLC is not a major priority. I can't say it's based on hard data but we have compiled the steps from experiences at several

Re: [SC-L] The Organic Secure SDLC

2011-07-19 Thread Rohit Sethi
Hi Paco, sorry I suppose I misunderstood BSIMM's data collection methodology. In any event, I think it's clear this model isn't really an alternative to BSIMM - it's a very coarse-grained set of steps that many organizations follow before they begin to take on a more disciplined approach to a

Re: [SC-L] The Organic Secure SDLC

2011-07-19 Thread Paco Hope
Jim, You're spot on. BSIMM is not a lifecycle for any company. Heck, it's not even a set of recommendations. It's simply a way to measure what a firm does. It's a model formulated from observations about how some firms implement software security in their lifecycles. You'll never catch us

[SC-L] CALL FOR PAPERS International Journal of Chaotic Computing (IJCC), Volume 1-Issue 1/2, December 2011, ISSN 2046-3359

2011-07-18 Thread Call for papers
International Journal of Chaotic Computing (IJCC), Volume 1-Issue 1/2, December 2011, ISSN 2046-3359. CALL FOR PAPERS Apologies for cross posting. Could you please kindly forward the following CFP to the interested people. THANK YOU in advance! Dear Author, The International Journal of

[SC-L] Silver Bullet transcript posted (John Savage)

2011-07-18 Thread Gary McGraw
hi sc-l, Many episodes of Silver Bullet are published in IEEE Security & Privacy magazine. When that happens, we post the resulting interview article on the silver bullet website. Here is the interview with John Savage from show 58:

[SC-L] Call for Papers: ICITST-2011

2011-07-18 Thread Call for papers
Apologies for cross-postings. Please send it to interested colleagues and students. Thanks! CALL FOR PAPERS *** The 6th International Conference for Internet Technology and Secured Transactions

[SC-L] The Organic Secure SDLC

2011-07-18 Thread Rohit Sethi
Hi all, Over the years we've had the opportunity to see the evolution of security in software development life cycles (SDLC) at many organizations. We've started to see patterns in how things evolve from a path of least resistance: from the bare minimum of production penetration testing through

Re: [SC-L] The Organic Secure SDLC

2011-07-18 Thread Anurag Agarwal
Rohit - How is this different from BSIMM? Thanks, Anurag Agarwal MyAppSecurity Inc Cell - 919-244-0803 Email - anu...@myappsecurity.com Website - http://www.myappsecurity.com Blog - http://myappsecurity.blogspot.com LinkedIn - http://www.linkedin.com/in/myappsecurity From:

[SC-L] Static Analysis Tool Exposition (SATE) - Call for Participation

2011-07-14 Thread Delaitre, Aurelien
NIST is preparing the fourth Static Analysis Tool Exposition (SATE IV). Briefly, participating tool makers run their tool on a set of programs. Researchers led by NIST analyze the tool reports. The results and experiences are reported at a workshop. The tool reports and analysis are made