Security Retentive
 

Personal Plug: I'm hiring

2008-06-13 12:55:00 by Security Retentive in Security Retentive
 
...information security team is hiring. Specifically - I'm hiring an Application Security Researcher. Primary responsibilities will be: Lead Research on browser security models; Research new application security attacks and countermeasures; Develop prototypes of security protection mechanisms for browsers and PayPal software to implement and prove...
 
 
 
 
 

Offtopic: 0xe0030005

2008-05-29 22:09:00 by Security Retentive in Security Retentive
 
...security note The above "dialog" would have been much better if your browser supported the draft HTML5 spec. Then I'd have been able to use the tags to make it easier to see the above as a dialog...... wow, I guess I do need that nonsensical tag after all
 
 
 
 
 

Notes from IEEE Web 2.0 Security and Privacy Workshop (W2SP2008)

2008-05-27 22:45:00 by Security Retentive in Security Retentive
 
...Security and Privacy Workshop. I figured I'd learn a few things, and also make sure that no new exploits were announced against my employer, and/or make sure we weren't the only examples people gave of problems. I was pretty successful on goal #1, not 100% successful on goal #2. This post is mostly brain dump of notes about the talks...
 
 
 
 
 

A Small Rant About Conference/Journal Papers and Timestamps

2008-05-12 20:18:00 by Security Retentive in Security Retentive
 
...information on it. January/February Edition on the ACM Queue. Which year? Hmm, can't tell can you, at least not from that page. Hell, the date at the top is the date you loaded the page, not the date of the article. More than a little frustrating. Ok, rant mode off. The next post will probably be about the article above.
 
 
 
 
 

More on Application Security Metrics

2008-05-08 20:05:00 by Security Retentive in Security Retentive
 
...security of software and what the appropriate metrics might be. I'd been asking the Microsoft guys for a while whether they had any decent metrics to break down the difference between Architectural/Design Defects, Implementation Defects. I hadn't gotten good answers up to this point because measuring those internally during the development...
 
 
 
 
 

Metrics and Audience

2008-04-19 09:52:00 by Security Retentive in Security Retentive
 
...Security folks, especially software security folks that want to improve the quality of their software; People who want more metrics about all things generally, the costs of security, etc. Microsoft's vulnerabilities in shipped software metric is really only targeted to audience #1. Like it or not, what customers care about, as Michael Howard...
 
 
 
 
 

My Favorite RSA Sessions

2008-04-12 21:58:00 by Security Retentive in Security Retentive
 
I spent the whole week up at the RSA conference including the Monday before attending a few pre-conference activities. If you didn't get to go but know someone who did, I thought I'd recommend a few of the sessions I found most informative. I attended more sessions than the ones below but the talks below seemed to resonate the most for me ...
 
 
 
 
 

Measuring the Wrong Things?

2008-03-24 21:04:00 by Security Retentive in Security Retentive
 
...security. Nonetheless that seems to be how things go, so here comes another one. NPR ran a story the other day titled "Doctors' 'Treat the Numbers' Approach Challenged". The main idea in the story is that doctors have been treating patients and using the results of certain tests as the metrics by which they judge health. They treat a...
 
 
 
 
 

Banning function calls, assurance, and retrofitting

2008-03-18 19:48:00 by Security Retentive in Security Retentive
 
...security issues in the code. If you choose to get a dedicated team together to fix the old code, you're likely to save money in the short run. A dedicated team is going to get used to fixing the coding defects of this type, and you're going to make a lot shorter job of it. The downside being that the regular developers aren't getting some of...