Secure Coding Mailing List

The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.

List Archives

Jan–MarApr–JunJul–SepOct–Dec
2014251412
201344323213
201228302815
201199486820
2010155894456
20091838618676
200889705698
200719318892111
2006171156186190
2005501633449
200429720712581
2003156

Latest Posts

Silver Bullet 102: Richard Danzig Gary McGraw (Sep 21)
hi sc-l,

The 102nd monthly episode of the Silver Bullet podcast features a conversation with Richard Danzig. Richard is a very
accomplished leader who served as Secretary of the Navy (among other powerful positions). He is currently a member of
the Board of the Center for a New American Security. Richard is attempting in his recent work to bridge the gap
between technologists and Washington policy makers when it comes to cybersecurity....

IEEE Center for Secure Design [searchsecurity and silver bullet] Gary McGraw (Aug 27)
hi sc-l,

This evening in SF we are officially launching the IEEE Center for Secure Design with a small event including security
people and press. Jim DelGrosso and I will make a short presentation about the CSD during the launch.

I devoted both of my monthly pieces (Silver Bullet and SearchSecurity) to the CSD this month.

Please check out this article and pass it on:
http://bit.ly/CSD-SS <...

Silver Bullet Episode 100 (!!): Cigital's Principals Gary McGraw (Jul 23)
hi sc-l,

Thanks for listening to the Silver Bullet Security Podcast for the eight and 1/3 years it has been produced. Each episode
has been downloaded over 10,787 times on average with over 1,067,948 downloads for the podcast as a whole. That's lots
of listening!

To celebrate our 100 months in a row landmark, we shot a live video version of Silver Bullet at the Cigital Tech Fair
this month. The episode features Cigital’s Principals,...

Ruxcon 2014 Final Call For Presentations cfp (Jul 15)
Ruxcon 2014 Call For Presentations
Melbourne, Australia, October 11th-12th
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the Final Call For Presentations for Ruxcon 2014.

This year the conference will take place over the weekend of the 11th and 12th of October at the CQ Function Centre,
Melbourne, Australia.

The deadline for submissions is the 15th of September, 2014.

.[x]. About Ruxcon .[x].

Ruxcon is...

Re: [External] Re: SearchSecurity: Medical Devices and Software Security Gary McGraw (Jul 08)
hi sc-l,

FWIW, I wrote about medical device security first in 1998 in the book
"Software Fault Injection." Our little article was merely meant as a
reminder and to let you all know that some medical device manufacturers
are actually doing analysis.

gem

Re: [External] Re: SearchSecurity: Medical Devices and Software Security Goertzel, Karen [USA] (Jul 07)
Another big frustration: No-one seems to be making any real headway into the problem of actually measuring loss
attributable to doing nothing - or, in other words, losses cradle to grave from operating insufficiently secure
systems. People try to measure "ROI" from security, which is a ridiculous concept because it involves trying to measure
a negative - i.e., this is how many times we DIDN'T lose $n - can't be done - or...

Re: [External] Re: SearchSecurity: Medical Devices and Software Security Jeffrey Walton (Jul 07)
https://en.wikipedia.org/wiki/Therac-25 FTW!

+1. Dr. Geer has already warned about it at
http://www.lawfareblog.com/2014/04/heartbleed-as-metaphor/. Can you
imagine the IoT, with medical devices and avionics packages, running
around with little to no testing and little more than the browser
security model. Clear the cache to erase the evidence!!!

This is a political problem rooted in software liability laws (or lack
thereof). Too many carrots,...

Re: SearchSecurity: Medical Devices and Software Security Jeremy Epstein (Jul 07)
Agree with you - there's nothing new in the article. I gave a talk a
couple years ago at a conference on biomedical engineering, and there was
one person in the room (out of a few hundred) who had heard of Therac-25.
(Which I assume is what you were referring to with 1985.)

If the article were instead published in a medical device or biomedical
engineering journal, that would be something different. But as you say,
putting it in on...

Re: [External] Re: SearchSecurity: Medical Devices and Software Security Goertzel, Karen [USA] (Jul 07)
Ever since I read an article about the challenges of remote laser surgery being done by doctors at the Naval Hospital
in Bethesda, MD, via satellite link on wounded soldiers in Iraq, I've been warning for years about the need to apply
software assurance principles to the development and testing - and SCRM to the acquisition - of medical devices and
their embedded software. I'm delighted to see someone with your influence start...

Re: SearchSecurity: Medical Devices and Software Security security curmudgeon (Jul 07)
: Chandu Ketkar and I wrote an article about medical device security based
: on a talk Chandu gave at Kevin Fu's Archimedes conference in Ann Arbor.
: In the article, we discuss six categories of security defects that
: Cigital discovers again and again when analyzing medical devices for our
: customers. Have a look and pass it on:
:
: http://bit.ly/1pPH56p
:
: As always, your feedback is welcome.

Per your request, my feedback:

Why do...

Silver Bullet 99: Michael Hicks Gary McGraw (Jul 03)
hi sc-l,

Silver Bullet Security Podcast number 99 (99 months in a row!!) was just posted. This episode features a programming
languages smorgasbord with Michael Hicks, professor of CS and security at University of Maryland. We talk type safety,
closure, why C is bad, what makes dynamic languages like Javascript problematic, and so on. If you like programming
languages talk, you’ll dig this episode.

Have a listen:...

SearchSecurity: Medical Devices and Software Security Gary McGraw (Jul 03)
hi sc-l,

Chandu Ketkar and I wrote an article about medical device security based on a talk Chandu gave at Kevin Fu’s Archimedes
conference in Ann Arbor. In the article, we discuss six categories of security defects that Cigital discovers again
and again when analyzing medical devices for our customers. Have a look and pass it on:

http://bit.ly/1pPH56p

As always, your feedback is welcome.

gem

company www.cigital.com
podcast...

c0c0n 2014 CFP - Extended Deadline: 7 June, 2014 c0c0n International Information Security Conference (Jun 06)
Thanks to everyone for all the paper submissions. The CFP Review Committee
will be evaluating the same for selection. Based on the requests received,
we are extending the CFP deadline to June 7 midnight, 2014 in the
hope of receiving few more paper submissions. 


Silver Bullet 98: Bart Miller Gary McGraw (Jun 06)
hi sc-l,

Bart Miller, computer science professor from Wisconsin, coined the term fuzz testing in 1990. He also is the PI for
the DHS SWAMP---a software assurance marketplace of sorts. Bart knows a ton about software analysis.

In episode 98 of Silver Bullet, we geek out about software security, heartbleed, fuzz testing, fault injection, and
instrumenting binary code as it runs. Have a listen: http://www.cigital.com/silver-bullet/show-098/...

Breakpoint 2014 Call For Presentations cfp (May 07)
Breakpoint 2014 Call For Papers
Melbourne, Australia, October 8th-9th
Intercontinental Rialto
http://www.ruxconbreakpoint.com

.[x]. Introduction .[x].

The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2014.

Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to...

More Lists

Dozens of other network security lists are archived at SecLists.Org.
