SEARCH RESULTS
 
Showing 1-10 of 35 records
 
Expand article

The Security Mindset

2008-03-25 05:27:19 by schneier in Schneier on Security
 
...mindset. Security professionals -- at least the good ones -- see the world differently. They can't walk into a store without noticing how they might shoplift. They can't use a computer without wondering about the security vulnerabilities. They can't vote without trying to figure out how to vote twice. They just can't help it SmartWater is a...
 
Tags: security mindset, mindset, security mindset immediately, security mindset explains, security mindset simply, security, security mindset involves, involves, security requires
 
 
 
 
Expand article

The Security Mindset

2008-03-25 05:27:19 by schneier in Schneier on Security
 
...mindset. Security professionals -- at least the good ones -- see the world differently. They can't walk into a store without noticing how they might shoplift. They can't use a computer without wondering about the security vulnerabilities. They can't vote without trying to figure out how to vote twice. They just can't help it SmartWater is a...
 
Tags: security mindset, mindset, security mindset immediately, security mindset explains, security mindset simply, security, security mindset involves, involves, security requires
 
 
 
 
Expand article

Evolving Schneiers Security Mindset

2008-04-28 12:30:42 by Alex in RiskAnalys.is
 
...mindset. Security professionals at least the good ones see the world differently. They cant walk into a store without noticing how they might shoplift. They cant use a computer without wondering about the security vulnerabilities. They cant vote without trying to figure out how to vote twice. They just cant help it Bruce Schneier For me,...
 
Tags: mindset, security, security mindset matures, security mindset, security professionals, security requires, security vulnerabilities, applicable threat community, threat community
 
 
 
 
Expand article

Developing and Retaining a Security Testing Mindset

2008-10-08 04:42:08 by Editor in IEEE Security and Privacy
 
...mindset is a hard task. Moreover, as hard as it is to develop it, it's just as hard to retain it and effectively apply it during testing. The authors discuss what it takes to conduct successful software security testing, primarily by describing how to develop a security testing mindset, retain it, and effectively apply it. In particular, they...
 
Tags: security, mindset, security assurance, effectively apply, hard task, hard, develop, authors discuss, retain
 
 
 
 
Expand article

Mainframe Mindset

2008-08-13 21:18:17 by Gunnar Peterson in 1 Raindrop
 
...mindset is fine when its your own employees in a room using a terminal, but its another thing altogether when you are integrating with a distributed system. This is where we need more focus on securing the subject and the claim, not just the resource. This is of course where new standards and technologies such as SAML and Information Cards...
 
Tags: mainframe, mainframe security model, mainframe business, object resource, resource, subject, claim, web services gateway, security
 
 
 
 
Expand article

The Ethics of Vulnerability Research

2008-05-14 11:29:45 by schneier in Schneier on Security
 
...mindset, and looking for vulnerabilities nurtures that mindset. Deny practitioners this vital learning tool, and security suffers accordingly Security engineers see the world differently than other engineers. Instead of focusing on how systems work, they focus on how systems fail, how they can be made to fail, and how to prevent--or protect...
 
Tags: software security experts, software, vulnerabilities nurtures, vulnerabilities, exploitable vulnerabilities, vulnerabilities lie dormant, security vulnerabilities, computer, computer security experts
 
 
 
 
Expand article

The Trouble with Threat Modeling

2007-09-26 19:11:00 by sdl in The Security Development Lifecycle
 
...mindset to think like a bad guy. Not everyone can switch into that mindset. For instance, I can't think of the number of times I had to tell developers on my team "It doesn't matter that you've checked the value on the client, you still need to check it on the server because the client that's talking to your server might not be your code...
 
Tags: threat, threat models, threat model, reasons threat, service threat, term threat, threat effectively, playsound threat model, development process
 
 
 
 
Expand article

Evil BETAs Attack!

2008-06-30 17:45:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...Mindset: Public Enemy #1 " piece from Mike R (BTW, it is a MUST-read ). The maybe refresh on what I said after reading " Geekonomics ." Then think Yes, it is available today (as beta maybe - but then again "all software is beta Yes, it is free Yes, it works ... well, when it does Yes, you can trust, say, your email to it (who cares when it...
 
Tags: software manufacturers, beta, software, beta mindset, public, public enemy, programmer mindset trickles, geekonomics, aircraft engine
 
 
 
 
Expand article

Grande Theft Auto... What Was He Thinking?

The Article has images
2008-07-03 04:05:00 by JJ in Security Uncorked
...mindset as Schneier refers to it Always suspicious always calculating always aware and certainly never underestimating a situation And so then I had to muse WHAT WAS HE THINKING leaving the car running and unlocked to go after the siren with the cell? For the sake of politeness, I kept my question to my inside voice, but I do have to wonder...
 
Tags: phone home, phone, cell phone, security mindset, security, true security story, car troubles, story, car
 
 
 
 
Expand article

Thoughts on Token Security

2008-08-26 16:35:23 by Gunnar Peterson in 1 Raindrop
 
...mindset , they are focused only on resource protection. the problem is they dont run mainframes on closed networks, they went and connected it to the web and so now they need to think about subject and claim security not just resource security. its not hatred its a lack of understanding stemming from a legacy mindset Linking up identity...
 
Tags: security, global federation, federation, single federation platform, security mechanism, resource security, security consultants, consumer web applications, web