SEARCH RESULTS
 
Showing 1-10 of 140 records
 

"Walking" with the SDL - Part 4

2008-07-25 20:49:00 by sdl in The Security Development Lifecycle
 
...final piece of my multi-part series on Walking with the Security Development Lifecycle (SDL) [Part 1, Part 2, Part 3]. So far I have discussed getting management approval, expanding security training, formalizing security requirements and effective ways to reuse your threat model or attack surface review data. In this post, I will wrap up...
 
 
 
 
 

ICANN's Announcement Of Anti-Domain Tasting Measures To Registrars

2008-07-08 15:42:32 by Editor in Cheap Hack
 
...Final Outcomes Report of the ad hoc group on Domain Tasting; Whereas, the GNSO Council resolved on 31 October 2007 to launch a PDP on Domain Tasting; Whereas, the GNSO Council authorized on 17 January 2008 the formation of a small design team to develop a plan for the deliberations on the Domain Tasting PDP (the "Design Team"), the principal...
 
 
 
 
 

"Walking" with the SDL - Part 3

2008-07-23 16:43:00 by sdl in The Security Development Lifecycle
 
...final security reviews and managing post-release documentation Formalize Requirements for long-term use Now that you are making security development a lifecycle, it is time to lock down and formalize your security requirements. At this point, you need to take what you've learned and begin translating your security principles into something...
 
 
 
 
 

Monthly Blog Round-Up - November 2007

2007-11-30 17:18:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...final entry about my own switch away from AV: A Bit More on AV and Closure (Kind of) to the Anti-Virus Efficiency/Effectiveness Saga Next on the top list is my other most favorite piece of writing: Ideal Log Management Tool And, finally, my logging polls! Yes, they are popular too. In fact, Poll Results: Which Logs Do You Collect? takes the...
 
 
 
 
 

Wrapping up Threat Modeling

2008-02-14 22:51:35 by sdl in The Security Development Lifecycle
 
...final post, I'd like to offer up some final thoughts on language, and cognitive load Specification versus Analysis When Larry Osterman was writing about threat modeling, he casually tossed out A threat model is a specification, just like your functional specification (a Program Management spec that defines the functional requirements of your...
 
 
 
 
 

It's about convergence, stupid

2008-04-18 08:19:01 by HASH0x8af3298 in StillSecure, After All These Years
 
...final report and the final report shows it, well you know what I am saying. But seriously if it is good for Vyatta, why would it not be also good for Cisco Here is the real issue though that the author misses. We live in an age of convergence! The idea of having a stand alone box that only does routing is history and when Cisco themselves...
 
 
 
 
 

Oh No! Security Metrics!

2008-04-18 12:43:00 by sdl in The Security Development Lifecycle
 
...final code in the first place. This last point is very, very important: you can't count a bug that was never created; the goal of the SDL is to not create the bugs in the first place Some of the many SDL principles that reduce or mitigate security bugs include Mandatory education (Net effect: fewer security bugs up front Design decisions...