SEARCH RESULTS
 
Showing 1-10 of 424 records
 

Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
I was reading the paper "A Metrics Framework to Drive Application Security Improvement" recently and some thoughts started to gel about what types of web application security metrics are meaningful. This is going to be part-1 of 2 about the paper and software security metrics. In this first installment I comment on the metrics from the paper...
 
 
 
 
 

Jericho Forum and the Collaboration Oriented Architecture (COA) position paper

2008-05-09 14:16:55 by Burton Group in Security and Risk Management Strategies Blog
 
Blogger: Dan Blum

After discussing the concept of collaboration oriented architecture (COA) for some time, Jericho Forum released its COA position paper last month at the RSA and Infosecurity Europe conferences. The paper is now posted at http://www.opengroup.org/jericho/COA v1.0.pdf For those who may be unfamiliar with Jericho Forum, it started...
 
 
 
 
 
 
 
 
 
 

PED vulnerability paper receives Most Practical Paper award at Oakland

2008-05-21 09:56:48 by Saar Drimer in Light Blue Touchpaper
In February, Steven Murdoch, Ross Anderson and I reported our findings on system-level failures of widely deployed PIN Entry Devices (PED) and the Chip and PIN scheme as a whole. Steven is in Oakland presenting the work described in our paper at the IEEE Symposium on Security and Privacy (slides). We are very pleased that we are the recipients of...
 
 
 
 
 

A New Way to Back Up Digital Files on paper

2008-09-04 08:28:19 by Editor in IT Security - The IT Security Industry's Web Resource
 
This is pretty funny: a free open source application where you can back up your data by printing it, on paper, in a bar code format. A friend of mine says he tried it and that it even works. PaperBack is a free application that allows you to back up your precious files on the ordinary paper in the form of the oversized bitmaps. If you have a good...
 
 
 
 
 

Larry Suto's Paper Drama

2008-01-02 14:53:30 by RSnake in ha.ckers.org web application security lab
 
If you don't care about drama, skip this post, there isn't any new information in it. Somehow I always end up being the center of controversy, even when I'm really only vaguely interested in the subject matter at hand. This time it comes from the Full-Disclosure mailing list which is known for, among other things, disclosing zero-day exploits in...
 
 
 
 
 

Blue Box #75: Asterisk vulnerability, SANS paper on VoIP security, SPIT, tons of listener comments and much more...

2008-02-11 14:31:43 by HASH0x8c00788 in Blue Box: The VoIP Security Podcast
 
Synopsis: Blue Box #75: Asterisk vulnerability, SANS paper on VoIP security, SPIT, tons of listener comments and much more. Welcome to Blue Box: The VoIP Security Podcast #75, a 38-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions. Download the show here (MP3, 17MB) or subscribe to the RSS feed to...
 
 
 
 
 

Blue Box #75: Asterisk vulnerability, SANS paper on VoIP security, SPIT, tons of listener comments and much more...

2008-02-11 15:31:42 by Dan York in Blue Box: The VoIP Security Podcast
 
Synopsis: Blue Box #75: Asterisk vulnerability, SANS paper on VoIP security, SPIT, tons of listener comments and much more. Welcome to Blue Box: The VoIP Security Podcast #75, a 38-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions. Download the show here (MP3, 17MB) or subscribe to the RSS feed to...
 
 
 
 
 

Fun Paper: "Logs vs Web Hacking"

2008-02-14 13:18:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
Now, I swear I was thinking of writing exactly the paper like this for a long time, but never found time to do it. I am soooo happy somebody else did it. So, enjoy "Detecting Attacks on Web Applications from Log Files" in SANS Reading Room: logs vs OWASP Top 10 web attacks - the battle of the century - who will win (bet on logs). One thing I...