SEARCH RESULTS
 
Showing 1-9 of 9 records

Making Threat Modeling Work Better

2007-10-17 00:23:53 by sdl in The Security Development Lifecycle
...philosophical and a lot more prescriptive than the one about flow. It explains exactly how and why I changed a couple of elements of the process. The first is the brainstorming meeting, and the second is the way trust boundaries may be placed. The brainstorming meeting is a mainstay of expert threat modeling. It's pretty simple: you put your...

The cost of a code signing certificate

2008-01-17 07:31:00 by Keith Brown in Security Briefs
...philosophical question: what use is PKI anyway if the end user doesn't understand it? If every software vendor creates one of those web pages (I'm sure you've seen them) instructing users on what to do when they see the above dialog ("press YES"), then ultimately what's the cost to the consumer? I don't like tithing to my certificate authority...

NAC's Polymorphic Paradigm

2008-03-27 02:28:41 by JJ in Security Uncorked
 
...philosophical and theoretical framework with multiple forms of a single product. I suppose I'm fine with it as long as it all works. But I would certainly prefer a world where we have some truth in terminology so our customers can easily identify what products, technologies and features they're actually getting. Until then - just check under the...

Microsoft SDL Process in detail

2008-04-09 19:13:00 by sdl in The Security Development Lifecycle
 
...philosophical notes and the like. Adam Shostack did a fabulous job on the threat modeling series; Eric Bidstrup took a deeper look at the perceived vs. real benefits of the Common Criteria and I have penned a moderately well received screed or two from time to time. However, one of the common requests (complaints?) that I have heard is that...

Symantec's John Thompson on Cisco, Microsoft and McAfee

2008-04-14 23:17:59 by HASH0x8b6d158 in StillSecure, After All These Years
 
...philosophical point of view that if you compete with me, you can't partner with me." Amen to that, John. On McAfee: "It's a nice little company and they do a nice job. The industry needs competition." Ouch, that was mean. On Microsoft entering security: "It's been much ado about nothing. Their results have been fairly abysmal." Seeing John this...

Log Haiku #1

2008-04-22 14:40:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...philosophical and so I dug out my old log haikus that were created for a first iteration of my book on logs (every chapter was supposed to start from a weirdly funny haiku on logs). I figured since these are not going to be used for the book, I will just post them here, one a day. But I am warning you!!! These are bad haiku indeed. :-) Here...

Symantec's John Thompson on Cisco, Microsoft and McAfee

2008-04-15 00:17:48 by ashimmy in StillSecure, After All These Years
 
...philosophical point of view that if you compete with me, you can't partner with me." Amen to that, John. On McAfee: "It's a nice little company and they do a nice job. The industry needs competition." Ouch, that was mean. On Microsoft entering security: "It's been much ado about nothing. Their results have been fairly abysmal." Seeing John this...

Why [Some] Smart People Hate Logs?

2008-05-08 11:20:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...philosophical posts. Now, some people hate logging, because logs are too hard to deal with (enable, collect, store and especially understand and interpret). However, there is a whole other group of fairly intelligent people who "hate logs:" the organizers of some well-known technical security conferences. The experience of many of my...

Security Thoughts from TechEd 2008

2008-06-26 15:07:00 by sdl in The Security Development Lifecycle
 
...philosophical security geekness. This year I gave two talks and one "chalk talk." The talks were "Top Ten Strategies To Secure Your Code" and "How To Review Your Code and Test For Security Bugs", and the chalk talk, which was a lot of fun, was simply answering numerous developer questions. It's interesting to gauge overall security awareness...