 Secure Coding Mailing List
The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
List Archives
Latest Posts
SearchSecurity: BSIMM4
Gary McGraw (May 11)
hi sc-l,
Sammy Migues, Jacob West and I wrote an introductory article about BSIMM4 for SearchSecurity. It was just posted on
SearchSecurity: http://bit.ly/11qlIBi
(or http://searchsecurity.techtarget.com/feature/BSIMM4-measures-and-advances-secure-application-development)
This article provides a great way to get up to speed on the BSIMM project in its BSIMM4 instantiation. The BSIMM
Community is expanding rapidly, and we're looking...
Ruxcon 2013 Call For Papers
cfp (May 08)
Ruxcon 2013 Call For Presentations
Melbourne, Australia, October 26th-27th
CQ Function Centre
http://www.ruxcon.org.au/call-for-papers/
The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2013.
This year the conference will take place over the weekend of the 26th and 27th
of October at the CQ Function Centre, Melbourne, Australia.
.[x]. About Ruxcon .[x].
Ruxcon is a premier technical computer security conference...
Silver Bullet 85:Mobile Security with Jim Routh and Scott Matsumoto
Gary McGraw (May 03)
hi sc-l,
Is mobile security a brand new day or the same old same old? The answer depends on how you look at the problem. If
you are a practitioner in the trenches, there are many new and interesting shiny bits to mobile security. If you are a
security veteran, things look very familiar. In this episode of Silver Bullet, Jim Routh, Scott Matsumoto and I take
on the Necker Cube of mobile security. Jim Routh is the ultimate security...
CFP: Workshop on Risk Perception in IT Security and Privacy
Larry Koved (May 03)
Workshop on Risk Perception in IT Security and Privacy
A workshop of the Symposium On Usable Privacy and Security (SOUPS)
http://cups.cs.cmu.edu/soups/2013/
For full details, please see: http://cups.cs.cmu.edu/soups/2013/risk.html
This workshop is an opportunity to bring together researchers and
practitioners to share experiences, concerns and ideas about how to
address the gap between user perception of IT risks and security /...
W2SP 2013 - Web 2.0 Security and Privacy workshop - call for participation
Larry Koved (May 03)
Only three weeks until the workshop.
Call for participation!
The workshop and program chairs invite you to participate in the 7th W2SP
workshop.
The goal of this one-day workshop is to bring together researchers and
practitioners from academia and industry to focus on understanding Web
security and privacy issues, and to establish new collaborations in these
areas.
The list of this year's accepted papers / presentations can be found...
MoST 2013 - Mobile Security and Technology workshop - call for participation
Larry Koved (May 03)
Three weeks until the workshop.
Call for participation!
The workshop and program chairs invite you to participate in the 2nd MoST
workshop.
Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software developers of
mobile systems to explore the latest understanding and advances in the
security and privacy for mobile devices, applications, and systems.
The list of this year's...
Breakpoint 2013 Call For Papers
cfp (May 01)
Breakpoint 2013 Call For Papers
Melbourne, Australia, October 24th-25th
Intercontinental Rialto
http://www.ruxconbreakpoint.com
.[x]. Introduction .[x].
The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013.
Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to...
Re: BSIMM Diagrams
Craig Heath (Apr 23)
Thanks Ivan! Unfortunately I wasn't able to look at this straight away,
and when I go to the link now I get "ME-ERR-002 Sorry, we couldn't find the
page you were looking for."
Would you be able to put it up again?
Cheers!
- Craig.
Comparing a firm's BSIMM measurement against a benchmark
Iván Arce (Apr 20)
Hello
I've updated the BSIMM visualizations I posted about yesterday.
Here are two sample visualizations to compare a firm's measurement
against a benchmark ("Earth").
The first one uses the size of the boxes to indicate how prevalent
the activity is (percentage of firms where the activity was observed) and
color to indicate that the activity was observed at the firm.
http://www-958.ibm.com/v/298285
In the second treemap...
Re: BSIMM Diagrams
Daniel Halber (Apr 19)
Thanks for sharing Ivan,
However, java in the browser is not acceptable, so could you please find
another way to share the visualization tool?
This may not be an easy request to fulfill since I would not launch any
executable code (java or otherwise), without a minimal level of assurance...
Best regards,
Daniel Halber
daniel.halber () gmail com
------------------------------
*From*: Iván Arce <ivan.w.arce () gmail com>
*Date*:...
Re: BSIMM Diagrams
Iván Arce (Apr 19)
oh I forgot to mention. The treemap example sent previously isn't useful
for comparison against a benchmark. It is useful for comparing a firm's
score against the overall model with finer granularity than a radial
graph but less detail than Sammy Migues' "equalizer graph".
I'm working on a treemap useful for comparing against a benchmark.
-ivan
Re: BSIMM Diagrams
Iván Arce (Apr 18)
Here's a treemap visualization of the same BSIMM measurement from Craig
Heath's blogpost.
http://www-958.ibm.com/v/297862
The ordering I've found most useful is Domain->Maturity Level->Practice
with the area of rectangular boxes based on the total count of
activities in each (practice,level) combination and coloring based on
count of observed activities. Level->Domain->Practice seems useful too.
The data file I used is...
Dennis Fisher: How I Got Here podcast series
Gary McGraw (Apr 17)
hi sc-l,
I just recorded a "How I Got Here" podcast with Dennis Fisher. I absolutely love the format. Lots of stuff about why
I think the way I do. And lots of stuff about software security (of course). Hope you like it!
http://threatpost.com/en_us/blogs/how-i-got-here-gary-mcgraw-041513
or
http://bit.ly/ZWFFI2
Your feedback is always welcome.
gem
company www.cigital.com
podcast www.cigital.com/silverbullet
blog...
W2SP 2013 - Web 2.0 Security and Privacy workshop
Larry Koved (Apr 12)
Call for participation!
The workshop and program chairs invite you to participate in the 7th W2SP
workshop.
The goal of this one-day workshop is to bring together researchers and
practitioners from academia and industry to focus on understanding Web
security and privacy issues, and to establish new collaborations in these
areas.
The list of this year's accepted papers / presentations can be found on
the workshop home page:...
MoST 2013 - Mobile Security and Technology workshop
Larry Koved (Apr 12)
Call for participation!
The workshop and program chairs invite you to participate in the 2nd MoST
workshop.
Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software developers of
mobile systems to explore the latest understanding and advances in the
security and privacy for mobile devices, applications, and systems.
The list of this year's accepted papers / presentations...
More Lists
Dozens of other network security lists are archived at
SecLists.Org.