[SC-L] 2nd Open Backdoor Hiding Finding Contest

2011-07-21 Thread iarce
This may be of interest to the list. I am not sure if Static Analysis programs are allowed to participate but it would be interesting to see how they fare. Hiding Backdoors in plain sight The CoreTex Competitions Team from Core Security is happy to announce the 2nd Open Backdoor Hiding Finding

[SC-L] informIT: software security zombies

2011-07-21 Thread Gary McGraw
hi sc-l, Some of us have been doing this software security thing for a long time (about 15 years in my case), and it is easy to overlook basic ideas that we believe everybody already gets. During Cigital's internal technology fair this year, I did a presentation on these basic truths which I

Re: [SC-L] informIT: software security zombies

2011-07-21 Thread Wall, Kevin
Gary McGraw wrote: This month's informIT article covers the zombies: [snip] * Software security defects come in two main flavors—bugs at the implementation level (code) and flaws at the architectural level (design) So, two questions: 1) How is this (software *security* defects) different than

Re: [SC-L] informIT: software security zombies

2011-07-21 Thread Gary McGraw
hi kevin, I completely agree that bugs and flaws exist as two categories (with a slippery slope between them) outside of security. It is important that we focus on both kinds of defect since the narrative in software security has mostly been about the bug parade. (See Getting Past the Bug Parade