 Secure Coding Mailing List
The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
List Archives
Latest Posts
Call for Papers: The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012)
Call for papers (May 22)
Call for Papers: The 7th International Conference for Internet
Technology and Secured Transactions (ICITST-2012)
Apologies for cross-postings.
Kindly email this call for papers to your colleagues,
faculty members and postgraduate students.
CALL FOR PAPERS
*********************************************************
Papers: The 7th International Conference for Internet Technology and
Secured Transactions (ICITST-2012)
Technical Co-Sponsored by...
MetriSec 2012 submission date is May 30th
James Walden (May 14)
MetriSec 2012
8th International Workshop on
SECURITY MEASUREMENTS AND METRICS
Affiliated with the International Symposium on
Empirical Software Engineering and Measurement (ESEM)
September 21, 2012
Lund, Sweden
WORKSHOP OVERVIEW
Quantitative assessment is a major stumbling block for software and
system security. Although some security metrics exist, they are rarely
adequate. The engineering importance of metrics is intuitive: you
cannot...
Re: Re (badware vs. "goodware"): SearchSecurity: Badware versus malware
Goertzel, Karen [USA] (May 14)
Agent software is all well and good.
But if you secretly implant the agents, and design them to be undetectable, and do not inform the intended user of the
system that they are there, they are spyware - and at best, unethical. And, by my definition at least, unethical = bad.
===
Karen Mercedes Goertzel, CISSP
Lead Associate
Booz Allen Hamilton
703.698.7454
goertzel_karen () bah com
"I love deadlines. I like the whooshing sound they...
Containing bad code
Ben Laurie (May 13)
Given the recent discussion, I thought the list might be interested in:
http://www.links.org/?p=1242. I'm currently working on transparently
wrapping libtiff (that is, wrapping it such that the calling application is
unaware it is wrapped).
Using Capsicum For Sandboxing <http://www.links.org/?p=1242>
FreeBSD 9.0 <http://www.freebsd.org/releases/9.0R/announce.html>, released
in January 2012, has experimental
Capsicum<...
Re: SearchSecurity: Badware versus malware
Tom Brennan (May 13)
OWASP has started month awareness problem/solution see updated:
http://www.owasp.com
Point you ask...... As a united community we raise visibility for the problem that results in an ecosystem - let's make
noise about it together, monthly and globally from the builder / breaker & defender perspectives
Re: SearchSecurity: Badware versus malware
Ben Laurie (May 12)
Well, it certainly does _suggest_ it: "All of the things that we do to
improve software security are aimed explicitly at the badware
problem."
It doesn't say it, though, I agree.
Re: SearchSecurity: Badware versus malware
Gary McGraw (May 12)
The article does not suggest otherwise.
gem
Re: SearchSecurity: Badware versus malware
Ben Laurie (May 11)
Fixing badware universally would plug one hole - and it's certainly a
hole worth plugging. But it won't eliminate malware - it seems it is
not hard to persuade users to install it for you, for example.
MoST 2012 (SPW) registration
Larry Koved (May 11)
On behalf of the workshop co-chairs and program chair, we would like to
invite you to participate in the Mobile Security Technologies (MoST)
Workshop.
The workshop will be held at The Westin St. Francis Hotel, San
Francisco.
Workshop registration site:
http://www.regonline.com/Register/Checkin.aspx?EventID=1072068
MoST is part of the Security and Privacy Workshops (SPW)
event (http://www.ieee-security.org/TC/SPW2012/),
co-located with...
Re: SearchSecurity: Badware versus malware
Goertzel, Karen [USA] (May 11)
In other words, flaws and defects caused through developer error, ignorance, negligence etc. can be exploited to cause
harm. So even if one could prevent actual intentional malicious inclusions in software, one hasn't eliminated the
problem of exploitable flawed logic.
The megachallenge, of course, is looking for what one doesn't actually know is there. Which is why software security
testing is so hard.
===
Karen Mercedes Goertzel,...
Re: SearchSecurity: Badware versus malware
Peter G. Neumann (May 10)
The differences are marginal.
My book has a pervasive theme:
Many things that could happen accidentally could be triggered
intentionally.
Many things that happen intentionally could be triggered accidentally.
Trying to reduce one without the other may be foolhardy in most realistic
threat models.
Breakpoint 2012 Call For Papers
cfp (May 10)
Breakpoint 2012
Intercontinental Rialto
Melbourne, Australia
October 17th-18th
...
SearchSecurity: Badware versus malware
Gary McGraw (May 08)
hi sc-l,
What’s worse, bad software or malicious software? In fact, what’s the difference?
My second column for SearchSecurity is all about that. Read it today. And pass it on.
http://searchsecurity.techtarget.com/opinion/Gary-McGraw-Eliminating-badware-addresses-malware-problem
Bottom line: Talking about malware may be more fun and entertaining than talking about endless security bugs, but if
we’re going to combat malware we have to...
c0c0n 2012 CFP - Extended Deadline: May 15, 2012
c0c0n International Information Security Conference (May 08)
c0c0n 2012 CFP - Extended Deadline: May 15, 2012
Thanks to everyone for all the paper submissions. The CFP Review Committee
will be evaluating the same for selection. Based on the requests received,
we are extending the CFP deadline to May 15, 2012 in the hope of receiving
a few more paper submissions.
####################################################
c0c0n 2012 - Call For Papers and Call For Workshops...
Silver Bullet 73: Robert Vamosi
Gary McGraw (May 04)
hi sc-l,
This morning we released episode 73 of Silver Bullet. The new show is an interview with Robert Vamosi. Robert is a
well-known security reporter, having worked for a bunch of esteemed publications including Forbes, c!net, and
threatpost. Robert also wrote a book called "When Gadgets Betray Us" which many of you will find interesting. Have a
listen:
http://www.cigital.com/silver-bullet/show-073/
As always, thanks to...