[SC-L] interesting presentation

2004-03-02 Thread Jose Nazario
from dawson engler's group: http://www.stanford.edu/~engler/softmc03-talk.pdf evaluates various checkers in various settings. ___ jose nazario, ph.d. [EMAIL PROTECTED] http://monkey.org/~jose

[SC-L] opinion, ACM Queue: Buffer Overrun Madness

2004-06-08 Thread Jose Nazario
are buffer overruns. These would be minor irritations but for the world's addiction to the weakly typed programming languages C and its derivative C++. jose nazario, ph.d. [EMAIL PROTECTED] http://monkey.org/~jose/http://infosecdaily.net/

[SC-L] [paper] Model Checking One Million Lines of C Code

2004-08-20 Thread Jose Nazario
that model checking is practical and useful for detecting security weaknesses at large scale in real, legacy systems. jose nazario, [EMAIL PROTECTED] http://monkey.org/~jose/    http://infosecdaily.net/

[SC-L] Former cybersecurity czar: Code-checking tools needed

2004-12-03 Thread Jose Nazario
FYI ... jose nazario, ph.d. [EMAIL PROTECTED] http://monkey.org/~jose/http://infosecdaily.net/ http://www.computerworld.com/securitytopics/security/story/0,10801,97988,00.html By Grant Gross DECEMBER 02, 2004 IDG NEWS SERVICE WASHINGTON -- Software

Re: [SC-L] Managing the insider threat through code obfuscation

2005-12-15 Thread Jose Nazario
? the biggest threat internally isn't the one or two people per thousand who can and will do this, it's the much larger number of people who wont use exploit development techniques to access things they shouldn't. bytecode obfuscation does nothing to stop that. jose nazario, ph.d