Re: [SC-L] (no subject)

2006-07-17 Thread SC-L Subscriber Dave Aronson
Gary McGraw [mailto:[EMAIL PROTECTED]] wrote:

  I wrote a book with viega a few years ago called building secure
  software...

Yes, John gave us all copies.  Didn't bother to get it autographed though.  :-)

  it was not about that company (at all).

It certainly was not about the horribly broken software I spent months banging 
my head against a wall trying to fix  :-(

  P.s. I actually like ivan's quip as reported by crispy.

Me too.  It contains the ideas I was trying to convey, more clearly, but it's 
still too long to fit on a bumper sticker.  :-)

-Dave



___
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php


[no subject]

2004-12-02 Thread Dana Epp
Subject: Re: [SC-L] How do we improve s/w developer awareness?
Date: Thu, 2 Dec 2004 12:52:35 -0800

I think we also have to realize that bridge building has had centuries of 
time to evolve, and learn from its mistakes. Secure software engineering as 
a discipline is still in its infancy. I would love to see the quality of 
bridges in its first 50 years of development.

That's of course no excuse for the current state of software development. 
But comparisons like this are like statistics... 86.12345% of them are made 
up, or have no sane correlation.

- Original Message - 
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 02, 2004 8:25 AM
Subject: Re: [SC-L] How do we improve s/w developer awareness? 

I have to say I find your comparison between bridge engineers and software
 engineers rather troubling.

 In response to your question:

  'Would you accept it was too hard to do a stress analysis from the
 engineer designing a bridge?'

 I think, regrettably, we probably would do these days.

 Remember that little incident in 2000 when the London millennium bridge was
 closed immediately after opening due to excessive wobbling when people
 walked across it? I can't guarantee that my recollection is accurate, but
 I'm sure they were trying to put this down to that software classic, a
 'Design feature'.

 Seems that far from Software Engineers taking the bridge engineers'
 approach, we may be seeing the exact reverse happening. :-)

 --
 Graham Coles.



[no subject]

2004-06-18 Thread der Mouse
be part of
it anyway.
Date: Thu, 17 Jun 2004 11:56:48 -0400 (EDT)
Subject: Re: [SC-L] Origins of Security Problems

 A significant difference from DECnet is that with TCP/IP any user on
 the system can open up a channel (to use a neutral term) to receive
 incoming traffic,

This is not so much a difference between DECnet and IP as a difference
between VMS and Unix.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               [EMAIL PROTECTED]
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B