Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Prasad N Shenoy
Very well said Chris. Can you explain what you mean by ". I think SaaS based software is more easily consumed and this isn't any different for software security" Sent from my iPhone On Feb 3, 2011, at 2:54 PM, Chris Wysopal wrote: > . I think SaaS based software is more easily consumed and th

[SC-L] free and open online secure coding in C course module

2011-02-04 Thread Robert Seacord
CERT has completed the development of an integer module for our "Secure Coding in C" course. A demo course is set up at http://oli.web.cmu.edu (enter the course key: seccode). The course is open and free. If you want to use the course at your University, College, Corporation, or other organization yo

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Gary McGraw
hi arian, Glad you liked the article. I guess my brush was a bit too wide when it comes to dynamic testing. I was really only referring to the Web application testing tools, which in my mind "hit the wall" for two reasons. Reason one is that they only work over port 80 and are designed to take ad

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Steven M. Christey
Jim, Maybe you would have had more success if you explicitly said "in the cloud" ;-) - Steve On Thu, 3 Feb 2011, Jim Manico wrote: Chris, I've tried to leverage Veracode in recent engagements. Here is how the conversation went: Jim: "Boss, can I upload all of your code to this cool Sa

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Ben Laurie
On 3 February 2011 16:02, Jim Manico wrote: > Chris, > > I've tried to leverage Veracode in recent engagements. Here is how the > conversation went: > > Jim: > "Boss, can I upload all of your code to this cool SaaS service for > analysis?" > > Client: > "Uh no, and next time you ask, I'm having y

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Chris Wysopal
Uploading code isn't an issue with software vendors because we are analyzing the artifact that they ship to their customer anyway: the executable version of their software, not source code. Unless, of course, the executable is source code, which is the case for JSP or PHP, and other scripting lan

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Chris Wysopal
Many of the traditional benefits of SaaS: no software to install, scaling from group to enterprise, and ease of central management, make it easier to roll out and manage software security programs enterprise wide. The bigger and more diverse an organization is, the more these “consumption” benefit

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Chris Wysopal
"Breaking news. Google says not to use the cloud. Improving on-premise tools is the future." Sorry, I couldn't help myself. :) -Chris From: Ben Laurie [mailto:b...@google.com] Sent: Friday, February 04, 2011 11:34 AM To: Jim Manico Cc: Chris Wysopal; Secure Code Mailing List Subject: Re: [SC-

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Ben Laurie
On 4 February 2011 09:22, Chris Wysopal wrote: > > > “Breaking news. Google says not to use the cloud. Improving on-premise > tools is the future.” > My view is personal. However, in general, whether the cloud is a good place for your data depends on your data and the relationship you have wit

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Chris Eng
I'm not the Chris you posed the question to but I'll answer anyway. :) Usually the type of response you described is a knee-jerk reaction. It's a different model than people are used to, and sometimes people are averse to change, whether that's warranted or not. It's important to get past the

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Jeremiah Grossman
Hi Gary, No offense taken. :) Securing Web software is a plenty big enough challenge for me. 270+ million websites accessible to 2 billion people. And let's not even go into the hundreds of thousands of mobile apps, which are basically all mini webapps. After I'm done solving that problem I'll

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Prasad N Shenoy
Yeah, clear the "cloud" of confusion before talking about the cloud so to speak. Not all SaaS offerings available today qualify to be cloud based. Well, this thread got morphed into a cloudy discussion. Attempting to get back on track, I would say IMHO, it's subjective whether the static analysi

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Arian J. Evans
That is a great question. According to Gartner, HA has the stench of inevitability. And in general, I agree. There are cases where dynamic and static each have clear strengths. Pragmatic combination of the two has promise in solving a broad spectrum of test-cases. Additionally, HA can help impr

Re: [SC-L] InformIT: comparing static analysis tools

2011-02-04 Thread Jim Manico
Hello Chris, Thanks for replying! I think the reaction from "my boss" was not so much knee-jerk, but a reasonable concern. The risk of persisting intellectual property on a cloud service is real. And that risk differs depending on your business (as well as many other factors). I'm eager to see ve