Home page logo

securecoding logo Secure Coding mailing list archives

Flame provides an opportunity
From: Gary McGraw <gem () cigital com>
Date: Wed, 30 May 2012 08:36:57 -0400

hi sc-l,

Whenever a computer security disaster story breaks (pretty much the only kind of coverage cyber security can expect in 
the major press) we have an opportunity (while people are paying attention) to talk about how to avoid future 
disasters.  If we're lucky, we can leverage "the NASCAR effect" 
<http://www.darkreading.com/security/application-security/208803559/if-you-build-it-they-ll-crash-it.html> to discuss 
software security.

In my view, the only way we can get in front of modern malware is by building security in.  I wrote about that for 
SearchSecurity in May: Eliminating badware addresses malware problem 
<http://searchsecurity.techtarget.com/opinion/Gary-McGraw-Eliminating-badware-addresses-malware-problem> (May 2012).

Some of the Flame dustup in the press this week riffed on that idea and even mentioned the BSIMM (in the WSJ CIO 

Also check out a related radio segment from Marketplace (aired on NPR):

It actually works to use the NASCAR effect to get our message out!


company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates

  By Date           By Thread  

Current thread:
  • Flame provides an opportunity Gary McGraw (May 31)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]