Software Security: Building Security In. Gary McGraw

ISBN: 0321356705,9780321356703 | 396 pages | 10 Mb
Publisher: Addison-Wesley Professional




By Dan Cornell I will be up at BSides Austin 2013 in a couple of weeks. At an electronics design conference this week researchers said IT security for all sorts of medical equipment is disgraceful. The common approach to securing applications is to try to identify and remove all of the application's security vulnerabilities at the end of the development process. Now you can find out — the Building Security In Maturity Model (BSIMM) recently went public. The rumored proposal is a tremendous blow to security and privacy and is based on the FBI's complaint that it is "Going Dark," or unable to listen in on Internet users' communications. If Cigital is actually run as depicted in the book Software Security - Building Security In, I have to give kudos to Gary and the gang for making an impressive environment for software security. We have to choose one or the other. In Software Security: Building Security In, Cigital's Gary McGraw breaks software security problems down into roughly equal halves. The new proposal reportedly allows the FBI to listen in on any conversation online, regardless of the technology used, by mandating engineers build "backdoors" into communications software. The chance is pretty low, but if it fails all of the hardware and software depending on its security is instantly obsolete, so the overall risk is unacceptably high. On the other hand, regulators don't make it easy to do patching. There is more to data center security than the software layers that handle functions like log-on and authentication. We urge EFF supporters to tell the provisionally called CALEA II. This is an old debate, and one we've been through many times. When it comes to security, we have two options: We can build our systems to be as secure as possible from eavesdropping, or we can deliberately weaken their security. But with an increasing number of Building an Enterprise IT Security Training Program.
One problem, apparently, is that institutions are timid about letting anyone touch the software of what are admittedly sensitive machines.