Secure Coding Mailing List

The Secure Coding list (SC-L) is an open forum for discussion of developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.

List Archives

Jan–Mar  Apr–Jun  Jul–Sep  Oct–Dec
2014256
201344323213
201228302815
201199486820
2010155894456
20091838618676
200889705698
200719318892111
2006171156186190
2005501633449
200429720712581
2003156

Latest Posts

WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS - Call for Participation Larry Koved (Apr 15)
http://w2spconf.com/2014/

WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS

IMPORTANT DATES

Workshop date: Sunday, May 18, 2014

W2SP brings together researchers, practitioners, web programmers, policy
makers, and others interested in the latest understanding and advances in
the security and privacy of the web, browsers, cloud, mobile and their
eco-system. We have had seven years of successful W2SP workshops. This
year, we will...

CFP: Mobile Security Technologies (MoST) 2014 - Call for Participation Larry Koved (Apr 15)
http://mostconf.org/2014/cfp.html

Mobile Security Technologies (MoST) 2014

Saturday May 17, 2014

co-located with
The 34th IEEE Symposium on Security and Privacy (IEEE S&P 2014)
an event of
The IEEE Computer Society's Security and Privacy Workshops (SPW 2014)

Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software developers of
mobile systems to explore the...

Silver Bullet 96: Nate Fick, CEO of Endgame (and combat veteran) Gary McGraw (Apr 04)
hi sc-l,

Nate Fick is an interesting man. He has a classics degree from Dartmouth, where he is now a Trustee. He served combat
tours in Afghanistan and Iraq, resulting in the book “One Bullet Away” and the HBO series “Generation Kill.” He served
as the CEO of an important new think tank, the Center for New American Security. While he was at CNAS, we wrote this:
http://www.cigital.com/papers/download/mcgraw-fick-CNAS.pdf And then...

Re: [External] Firewalls, Fairy Dust, and Forensics Gary McGraw (Apr 04)
hi karen,

Good point, and one that I usually make! I agree.

gem

Re: [External] Firewalls, Fairy Dust, and Forensics Goertzel, Karen [USA] (Apr 04)
The one point that's missing from the article is to remind people: What the heck do you think firewalls are made of?
Software! So unless a software manufacturer has got "software security religion", their product is just as likely to be
"broken" inside as the things it allegedly protects.

===
Karen Mercedes Goertzel, CISSP
Lead Associate
Booz Allen Hamilton
703.698.7454
goertzel_karen () bah com

"I love...

Firewalls, Fairy Dust, and Forensics Gary McGraw (Apr 01)
hi sc-l,

Ever get discouraged that we have not been making enough progress in software security? Well, we have been making
plenty of progress and our field is growing fast! This peppy little article (co-authored with Sammy Migues) explains
why firewalls, fairy dust, and forensics are not working out for computer security.

Oh, and software security is growing at 20% CAGR and now accounts for 10% of the computer security market (which is...

IEEE Computer article Gary McGraw (Mar 26)
hi sc-l,

I was asked to write an article for IEEE Computer’s security column this month. It’s about software security.

Security Fatigue? Shift Your Paradigm<http://www.cigital.com/presentations/mco2014030081.pdf>, (IEEE Computer Society,
March 2014)

As always, your feedback is welcome. You can find many of my writings here: http://www.cigital.com/~gem/writings/

gem

company www.cigital.com
podcast www.cigital.com/silverbullet...

c0c0n 2014 | The cy0ps c0n - Call For Papers & Call For Workshops c0c0n International Information Security Conference (Mar 26)
            ___        ___          ___   ___  __ _  _   
           / _ \      / _ \        |__ \ / _ \/_ | || | 
       ___| | | | ___| | | |_ __      ) | | | || | || |_
      / __| | | |/ __| | | | '_ \    / /| | | || |__   _|
     | (__| |_| | (__| |_| | | | |  / /_| |_| || |  | | 
      \___|\___/ \___|\___/|_| |_| |____|\___/ |_|  |_| 
                           ...

Paul dot com podcast on #swsec at 6pm EST Gary McGraw (Mar 20)
hi sc-l,

Tonight at 6pm EST I will be participating in a paul dot com webcast and talking all things software security. Please
tune in if you can, and spread the word!

http://securityweekly.com/watch

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

CFP: WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS - Deadline extension to March 5 Larry Koved (Mar 09)
WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS

IMPORTANT DATES
Paper submission deadline: March 5, 2014 (11:59pm US-PST)
Workshop acceptance notification date: March 29, 2014
Workshop date: Sunday, May 18, 2014
Workshop paper submission web site:
https://www.easychair.org/conferences/?conf=w2sp2014

W2SP brings together researchers, practitioners, web programmers, policy
makers, and others interested in the latest understanding...

CFP: Mobile Security Technologies (MoST) 2014 - Deadline extended to March 10 Larry Koved (Mar 09)
http://mostconf.org/2014/cfp.html

Mobile Security Technologies (MoST) 2014

co-located with
The 34th IEEE Symposium on Security and Privacy (IEEE S&P 2014)
an event of
The IEEE Computer Society's Security and Privacy Workshops (SPW 2014)

Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software developers of
mobile systems to explore the latest understanding and...

Silver Bullet 95: Charlie Miller Gary McGraw (Feb 28)
hi sc-l,

Greetings from RSA, where the show gets underway today. I hope to see some sc-l readers out here. (Come see us during
the show https://www.cigital.com/blog/2014/01/rsa-2014/.)

Episode 95 of silver bullet features a conversation with Charlie Miller, who now works at Twitter as a security
engineer. Charlie is well known for his spectacular Apple hacks. Lately, he has turned his attention to cars. We
talk about fuzzing, exploit...

CFP: Mobile Security Technologies (MoST) 2014 Larry Koved (Feb 19)
http://mostconf.org/2014/cfp.html

Mobile Security Technologies (MoST) 2014

co-located with
The 34th IEEE Symposium on Security and Privacy (IEEE S&P 2014)
an event of
The IEEE Computer Society's Security and Privacy Workshops (SPW 2014)

Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software developers of
mobile systems to explore the latest understanding and...

Final CFP: WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS Larry Koved (Feb 19)
WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS

IMPORTANT DATES
Paper submission deadline: February 26, 2014 (11:59pm US-PST)
Workshop acceptance notification date: March 29, 2014
Workshop date: Sunday, May 18, 2014
Workshop paper submission web site:
https://www.easychair.org/conferences/?conf=w2sp2014

W2SP brings together researchers, practitioners, web programmers, policy
makers, and others interested in the latest understanding...

FYI: OWASP CISO Survey Report 2013 Released Tobias (Feb 14)
Hello dear secure coding fellows,

just fyi: OWASP just released the OWASP CISO Survey Report 2013 Version
1.0 <https://www.owasp.org/index.php/OWASP_CISO_Survey>.
Among application security stakeholders, Chief Information Security
Officers (CISOs), are responsible for application security from
governance, compliance and risk perspectives. The OWASP CISO Survey
provides tactical intelligence about security risks and best practices
to help...

More Lists

Dozens of other network security lists are archived at SecLists.Org.

