Re: [SC-L] What's the next tech problem to be solved in softwaresecurity?
There is one on the drawing boards about this, but don't hold your breath! I am working on it with Fabio Arciniegas. Exploiting Online Games is first, and that comes out in July. gem company www.cigital.com<http://www.cigital.com> podcast www.cigital.com/silverbullet<http://www.cigital.com/silverbullet> blog www.cigital.com/justiceleague<http://www.cigital.com/justiceleague> book www.swsec.com<http://www.swsec.com> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McGovern, James F (HTSC, IT) Sent: Monday, June 11, 2007 10:51 AM Cc: sc-l@securecoding.org Subject: Re: [SC-L] What's the next tech problem to be solved in softwaresecurity? The next problem to be solved is moving higher up the food chain by teaching architects secure architecture principles. Would love to see Gary McGraw tackle this subject in his next book... From: [EMAIL PROTECTED] on behalf of Kenneth Van Wyk Sent: Sun 6/10/2007 9:37 AM To: Secure Coding Subject: Re: [SC-L] What's the next tech problem to be solved in softwaresecurity? First off, many thanks to all who've contributed to this thread. The responses and range of opinions I find fascinating, and I hope that others have found value in it as well. Great stuff, keep it coming. That said, I see us going towards that favorite of rat-holes here, namely the "my programming language is better than yours, nyeah!" path. Let's please avoid that. I'm confident that we've seen it enough times to know that it ends with no clear winners (but plenty of losers). Cheers, Ken - Kenneth R. van Wyk SC-L Moderator KRvW Associates, LLC http://www.KRvW.com * This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. * ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___
Re: [SC-L] What's the next tech problem to be solved in softwaresecurity?
The next problem to be solved is moving higher up the food chain by teaching architects secure architecture principles. Would love to see Gary McGraw tackle this subject in his next book... From: [EMAIL PROTECTED] on behalf of Kenneth Van Wyk Sent: Sun 6/10/2007 9:37 AM To: Secure Coding Subject: Re: [SC-L] What's the next tech problem to be solved in softwaresecurity? First off, many thanks to all who've contributed to this thread. The responses and range of opinions I find fascinating, and I hope that others have found value in it as well. Great stuff, keep it coming. That said, I see us going towards that favorite of rat-holes here, namely the "my programming language is better than yours, nyeah!" path. Let's please avoid that. I'm confident that we've seen it enough times to know that it ends with no clear winners (but plenty of losers). Cheers, Ken - Kenneth R. van Wyk SC-L Moderator KRvW Associates, LLC http://www.KRvW.com * This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. * ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___
Re: [SC-L] What's the next tech problem to be solved in softwaresecurity?
Distributed/parallel computing on multi-core processors. We already have dual-core with quad-core on the near horizon. How will we develop software to use this new computing technology. In addition to code working properly, you now have the added complexity of code running over itself - the timing and synchronization issues. It's not new - cluster computing has been around for a while and parallel computing has been around for a while - but it hasn't been in desktop level machines until recently - which brings the issues of parallel computing to a whole new and large arena of developers and users. We're going to have difficulty getting it to work right, let alone securely. Mike H. - Michael S Hines [EMAIL PROTECTED] ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___