SEARCH RESULTS
 
Showing 1-10 of 71 records
Developer fixes 33-year-old Unix bug

2008-07-10 00:00:00 by HASH0x8b3379c in Network World on Security
 
An OpenBSD developer has discovered and fixed a bug in the software that has been traced back to an AT&T version of Unix from 1975.

Sexy Development Lifecycle

2008-01-30 01:37:00 by sdl in The Security Development Lifecycle
 
...developer, and then continue on with the tester, the pentester, the netadmin, and everyone else in the product lifecycle. Instead of teaching pentesters how to find vulnerabilities, I'd rather be teaching developers how to write their code correctly in the first place so that the pentesters don't have any vulnerabilities to find. But, as a...

The Other Side of Life

2008-03-21 16:06:00 by sdl in The Security Development Lifecycle
 
...developer, but "it should work." At which point the room erupted into hysterical laughter. "It should work" means "I think so, but we have to test it." And that means the whole battery of tests for each of the affected components, across all of the supported platforms. And that has to be scheduled in test labs. To be clear, this wasn't a lack of...

Is Microsoft's SDL Working?

2008-05-16 11:05:09 by Burton Group in Security and Risk Management Strategies Blog
 
...developer went through. So, how do we determine whether the SDL is working? Microsoft suggests that this is a simple exercise: simply compare the number of public vulnerabilities disclosed for products prior to SDL with similar products developed after SDL. The most recent case was comparing Windows XP SP2 to Vista vulnerabilities in the first...

Security Evolution

2008-05-19 17:42:16 by Gunnar Peterson in 1 Raindrop
 
...developers invented CGI/PERL for more dynamic sites. Once they wanted to scale and pool they built out ASP and JSP, then to deliver middle tier components they developed EJB, J2EE, and DCOM. After that there were a lot of heterogeneous systems that needed to talk to each other so SOAP and XML came along to address that. This path diverged...

The Business Case for WAFs + Testing

2008-06-19 18:09:06 by Bill in Grumpy Security Guy
 
...developer battle (yes, XSS is not good), they were left with two not-good options: lose the customer, or stop the rewrite and spend a few months digging through old code to fix these issues. Now from a business point of view neither of those makes sense. At the time we were in the WAF-hater camp, but we saw that in this case it made total sense. The...

Security Between Virtual Machines?

2008-06-22 15:30:57 by John Peterson in Security In The Virtual World
 
...developer of the Drupal software didn't do Form Field Validation properly. A form field is something you fill out on a web page, like a form that asks for the user name and password. User names and passwords to log into the web site are stored on what's called a Database Server. Hmmm... So this means the web server needs to talk to the database...

Security Thoughts from TechEd 2008

2008-06-26 15:07:00 by sdl in The Security Development Lifecycle
 
...developers and the other to IT professionals. I think that breaking down the conference into a Developer week and an ITPro week was a good idea, and it allowed us to have good conversations with people who wanted more information about the SDL. I did two main things at TechEd: I presented on threat modeling, and I spent a lot of time talking...

Walking with the SDL Part 2

2008-07-21 16:56:00 by sdl in The Security Development Lifecycle
 
...developer, QA/test, and PM levels. If you have been crawling, you have probably already implemented some sort of discipline-specific training around things like threat modeling, using compiler defenses, and fuzz testing. Now that you are building a lifecycle, your goal for security training should expand. Security training should be about...