Secure Coding

Call for Papers: The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012)

Wed, 23 May 2012 06:52:12 GMT

Posted by Call for papers on May 22

Call for Papers: The 7th International Conference for Internet
Technology and Secured Transactions (ICITST-2012)

Apologies for cross-postings.

Kindly email this call for papers to your colleagues,
faculty members and postgraduate students.

CALL FOR PAPERS

*********************************************************
Papers: The 7th International Conference for Internet Technology and
Secured Transactions (ICITST-2012)
Technical Co-Sponsored by...

MetriSec 2012 submission date is May 30th

Mon, 14 May 2012 17:16:35 GMT

Posted by James Walden on May 14

MetriSec 2012
8th International Workshop on
SECURITY MEASUREMENTS AND METRICS

Affiliated with the International Symposium on
Empirical Software Engineering and Measurement (ESEM)

September 21, 2012
Lund, Sweden

WORKSHOP OVERVIEW

Quantitative assessment is a major stumbling block for software and
system security. Although some security metrics exist, they are rarely
adequate. The engineering importance of metrics is intuitive: you
cannot...

Re: Re (badware vs. "goodware"): SearchSecurity: Badware versus malware

Mon, 14 May 2012 17:01:12 GMT

Posted by Goertzel, Karen [USA] on May 14

Agent software is all well and good.

But if you secretly implant the agents, and design them to be undetectable, and do not inform the intended user of the
system that they are there, they are spyware - and at best, unethical. And, by my definition at least, unethical = bad.

===
Karen Mercedes Goertzel, CISSP
Lead Associate
Booz Allen Hamilton
703.698.7454
goertzel_karen () bah com

"I love deadlines. I like the whooshing sound they...

Containing bad code

Sun, 13 May 2012 15:07:51 GMT

Posted by Ben Laurie on May 13

Given the recent discussion, I thought the list might be interested in:
http://www.links.org/?p=1242. I'm currently working on transparently
wrapping libtiff (that is, wrapping it such that the calling application is
unaware it is wrapped).

Using Capsicum For Sandboxing <http://www.links.org/?p=1242>

FreeBSD 9.0 <http://www.freebsd.org/releases/9.0R/announce.html>, released
in January 2012, has experimental
Capsicum<...

Re: SearchSecurity: Badware versus malware

Sun, 13 May 2012 14:21:41 GMT

Posted by Tom Brennan on May 13

OWASP Has started month awareness proble/solution see updated:
http://www.owasp.com

Point you ask...... As a united community we raise visibility for the problem that results in a ecosystem - lets make
noise about it together, monthly and globally from the builder / breaker & defender perspectives

Re: SearchSecurity: Badware versus malware

Sat, 12 May 2012 16:48:31 GMT

Posted by Ben Laurie on May 12

Well, it certainly does _suggest_ it: "All of the things that we do to
improve software security are aimed explicitly at the badware
problem."

It doesn't say it, though, I agree.

Re: SearchSecurity: Badware versus malware

Sat, 12 May 2012 16:37:20 GMT

Posted by Gary McGraw on May 12

The article does not suggest otherwise.

gem

Re: SearchSecurity: Badware versus malware

Fri, 11 May 2012 18:35:19 GMT

Posted by Ben Laurie on May 11

Fixing badware universally would plug one hole - and it's certainly a
hole worth plugging. But it won't eliminate malware - it seems it is
not hard to persuade users to install it for you, for example.

MoST 2012 (SPW) registration

Fri, 11 May 2012 14:34:30 GMT

Posted by Larry Koved on May 11

On behalf of the workshop co-chairs and program chair, we would like to
invite you participate in the Mobile Security Technologies (MoST)
Workshop.

The workshop will be held at the The Westin St. Francis Hotel, San
Francisco.

Workshop registration site:
http://www.regonline.com/Register/Checkin.aspx?EventID=1072068

MoST is part of the Security and Privacy Workshops (SPW)
event (http://www.ieee-security.org/TC/SPW2012/),
co-located with...

Re: SearchSecurity: Badware versus malware

Fri, 11 May 2012 14:22:19 GMT

Posted by Goertzel, Karen [USA] on May 11

In other words, flaws and defects caused through developer error, ignorance, negligence etc. can be exploited to cause
harm. So even if one could prevent actual intentional malicious inclusions in software, one hasn't eliminated the
problem of exploitable flawed logic.

The megachallenge, of course, is looking for what one doesn't actually know is there. Which is why software security
testing is so hard.

===
Karen Mercedes Goertzel,...

Re: SearchSecurity: Badware versus malware

Thu, 10 May 2012 15:30:51 GMT

Posted by Peter G. Neumann on May 10

The differences are marginal.

My book has a pervasive theme:
Many things that could happen accidentally could be triggered
intentionally.
Many things that happen intentionally could be triggered accidentally.

Trying to reduce one without the other may be foolhardy in most realistic
threat models.

Breakpoint 2012 Call For Papers

Thu, 10 May 2012 15:15:29 GMT

Posted by cfp on May 10

. ______________________________________
._\\. Breakpoint 2012 (___.
: Intercontinental Rialto :
: Melbourne, Australia :
: October 17th-18th :
:__ . ___:
)____________________________________\\...

SearchSecurity: Badware versus malware

Tue, 08 May 2012 12:48:48 GMT

Posted by Gary McGraw on May 08

hi sc-l,

What’s worse, bad software or malicious software? In fact, what’s the difference?

My second column for SearchSecurity is all about that. Read it today. And pass it on.
http://searchsecurity.techtarget.com/opinion/Gary-McGraw-Eliminating-badware-addresses-malware-problem

Bottom line: Talking about malware may be more fun and entertaining than talking about endless security bugs, but if
we’re going to combat malware we have to...

c0c0n 2012 CFP - Extended Deadline: May 15, 2012

Tue, 08 May 2012 12:33:33 GMT

Posted by c0c0n International Information Security Conference on May 08

c0c0n 2012 CFP - Extended Deadline: May 15, 2012

Thanks to everyone for all the paper submissions. The CFP Review Committee
will be evaluating the same for selection. Based on the requests received,
we are extending the CFP deadline to May 15, 2012 in the hope of receiving
few more paper submissions.

####################################################
c0c0n 2012 - Call For Papers and Call For Workshops...

Silver Bullet 73: Robert Vamosi

Fri, 04 May 2012 17:28:25 GMT

Posted by Gary McGraw on May 04

hi sc-l,

This morning we released episode 73 of Silver Bullet. The new show is an interview with Robert Vamosi. Robert is a
well-known security reporter, having worked for a bunch of esteemed publications including Forbes, c!net, and
threatpost. Robert also wrote a book called "When Gadgets Betray Us" which many of you will find interesting. Have a
listen:
http://www.cigital.com/silver-bullet/show-073/

As always, thanks to...