[EMAIL PROTECTED]
From: Peter Amey [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
Precedence: bulk
Mailing-List: contact [EMAIL PROTECTED] ; run by MajorDomo
List-Id: Secure Coding Mailing List sc-l.securecoding.org
List-Post: mailto:[EMAIL PROTECTED]
List-Subscribe:
George Capehart wrote:
Yes, assuming management cares . . . and that's *my* broken record . . .
:)
If the tone of my comments was a bit harsh, it is most emphatically not
intended to be directed at your thoughts. It is only because of my
intense frustration with the situation. When Management
I've been trying to get IT Auditors and the Audit community in general to apply
the same
due dilligence to operating systems (infrastructure or general controls) that
they apply
to applications systems testing.
I'm not aware of anyone in the IT Audit community doing OS audits - to verify
that
to one major company as we
email
each other on issues.
Regards,
George
Greenarrow1
InNetInvestigations-Forensics
- Original Message -
From: George Capehart [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, November 28, 2004 5:18 PM
Subject: Re: [SC-L] How do we improve s/w developer
Changing liability laws on the other hand is a simple solution.
But at what price? It would kill off open source completely, as far as
I can see, in the jurisdiction(s) in question. (How many open source
projects could afford to defend a liability suit even if they (a)
wanted to and (b) had a
cc: [EMAIL PROTECTED]
Sent by: Subject: Re: [SC-L] How do we
improve s/w developer awareness? [Virus Checked]
[EMAIL PROTECTED
each other on issues.
Regards,
George
Greenarrow1
InNetInvestigations-Forensics
- Original Message -
From: George Capehart [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, November 28, 2004 5:18 PM
Subject: Re: [SC-L] How do we improve s/w developer awareness?
On Thursday 11
On Thursday 11 November 2004 10:26, Kenneth R. van Wyk allegedly wrote:
Greetings,
In my business travels, I spend quite a bit of time talking with
Software Developers as well as IT Security folks. One significant
different that I've found is that the IT Security folks, by and
large, tend
On Thu, Nov 11, 2004 at 04:56:20PM -0500, ljknews wrote:
At 2:48 PM -0500 11/11/04, Paco Hope wrote:
On 11/11/04 11:46 AM, ljknews [EMAIL PROTECTED] wrote:
As a software developer, I care about such issues, but the compiliations
you list are largely not applicable to the operating system
: Secure Coding Mailing List [EMAIL PROTECTED]
Sent: Friday, November 12, 2004 6:58 AM
Subject: Re: [SC-L] How do we improve s/w developer awareness?
Making software secure should be a requirement of the development
process. I've had the priviledge to have worked on some very good
projects
I think we have to go one step further.
Its nice to know what the attack patterns are. A better thing to do is to know how to identify them
during threat modeling, and then apply safeguards to mitigate the risk. ie: We need a merge of
thoughts from Exploiting Software and Building Secure
11 matches
Mail list logo
