Anybody heard of Von Neumann probes? Google it. Then imagine what might
happen if we (humans) employ the same (p*ss) poor programming discipline we do
today into something like that. Fun to ruminate on.
Chris McCown
Intel Corp
-Original Message-
From: sc-l-boun...@secu
It's probably worth mentioning that the statistics are for OTS software.
What keeps me awake at night (other than the usual trivialities) is the
volume and severity of flaws/bugs in software that companies have
developed or customized in-house/internally. It gets more complicated
when these apps a
What do you tell a C-level exec in terms of h/c and time it will take to
fix web app vulnerabilities discovered in a website?
X number of vulnerabilities = Y h/c and Z time.
Of course there's a host of factors/variables involved that could wind
up looking like actuarial tables or DNA sequ
What are folks' experiences with software security training for
developers? By this, I'm referring to teaching developers how to write
secure code. Ex. things like how to actually code input validation
routines, what "evil" functions and libraries to avoid, how to handle
exceptions without divul